Marked packet forwarding

US 8,611,351 B2
Filed: 02/14/2011
Issued: 12/17/2013
Est. Priority Date: 04/19/2007
Status: Active Grant

First Claim

Patent Images

1. A network chip comprising:

logic to;

identify identity information of an originating network device based on information of a packet received from the originating network device;

determine a handle associated with the originating network device of the received packet using information from a header of the packet;

mark the packet with the handle;

store the handle and the identity information of the originating network device in a memory local to the network chip in a manner that associates the handle with the identity information of the originating network device;

change a destination address of the packet to an address of a checking functionality to redirect the packet to the checking functionality instead of the original destination of the packet; and

forward the marked packet to the checking functionality that detects unwanted network activity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network, network devices, and methods are described for marked packet forwarding. A network device includes a network chip having a number of network ports for receiving and transmitting packets. The network chip includes logic to decapsulate a packet received from a tunnel, mark the packet with a handle associated with an originating network device of the packet using information from an encapsulation header, and forward the marked packet to a checking functionality having a destination address different from an original destination address of the packet.

Citations

15 Claims

1. A network chip comprising:
- logic to;
  
  identify identity information of an originating network device based on information of a packet received from the originating network device;
  
  determine a handle associated with the originating network device of the received packet using information from a header of the packet;
  
  mark the packet with the handle;
  
  store the handle and the identity information of the originating network device in a memory local to the network chip in a manner that associates the handle with the identity information of the originating network device;
  
  change a destination address of the packet to an address of a checking functionality to redirect the packet to the checking functionality instead of the original destination of the packet; and
  
  forward the marked packet to the checking functionality that detects unwanted network activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network chip of claim 1, wherein the logic is further to:
    - insert the handle into the packet as a service virtual local area network (VLAN) tag.
  - 3. The network chip of claim 1, wherein the logic is further to:
    - receive the packet from the checking functionality;
      
      perform a lookup in the memory using the handle to determine the identity information of the packet'"'"'s originating network device after receipt of the packet from the checking functionality, wherein the identity information comprises an IP address of the originating network device;
      
      encapsulate the packet using the IP address as an IP destination address; and
      
      forward the encapsulated packet to the originating network device to continue forwarding of the packet toward the original destination.
  - 4. The network chip of claim 3, wherein the logic is further to:
    - extract a service VLAN tag containing the handle prior to forwarding the encapsulated packet.
  - 5. The network chip of claim 3, wherein the logic is further to:
    - associate the handle with an identity of an ingress port on a device in which the network chip is provided, wherein the ingress port comprises the ingress port through which the packet was received into the device.
  - 6. The network chip of claim 5, wherein the logic is further to:
    - ignore the original destination address of the packet upon return of the packet from the checking functionality.
  - 7. The network chip of claim 1, wherein the logic is further to:
    - receive the packet from the originating network device as a tunnel-encapsulated packet having an encapsulation header; and
      
      determine the handle from a generic routing encapsulation (GRE) header portion of the encapsulation header.
  - 8. The network chip of claim 1, wherein the logic is further to:
    - receive the packet from the originating network device, wherein the packet comprises an encapsulated packet diverted using tunnel encapsulation from a path to the original destination by the originating network device;
      
      decapsulate the packet, the packet being received from a tunnel connected to the originating network device;
      
      wherein the originating network device is identified based upon tunnel encapsulation information of the packet.

9. A method for packet forwarding, comprising:
- in a network chip,identifying identity information of an originating network device based on information of a packet received from the originating network device;
  
  determining a handle indicative of the packet'"'"'s originating network device using information from a header of the packet;
  
  marking the packet with the handle;
  
  storing the handle and the identity information of the originating network device in a memory local to the network chip in a manner that associates the handle with the identity information of the originating network device;
  
  changing a destination address of the packet to an address of a checking functionality to redirect the packet to the checking functionality instead of the original destination of the packet; and
  
  forwarding the marked packet to the checking functionality, wherein the checking functionality detects unwanted network activity.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method recited in claim 9, further comprising:
    - in the network chip,receiving the packet from the checking functionality;
      
      determining the identity information of the packet'"'"'s originating network device corresponding to the handle from the association between the handle and the identity information of the originating network device stored in the memory; and
      
      returning the packet to the originating network device to continue being forwarded toward the original destination.
  - 11. The method recited in claim 10, wherein:
    - determining the identity information includes performing a lookup in the memory by using the handle to determine the identify information of the packet'"'"'s originating network device, wherein the identity information comprises an IP address of the originating network device; and
      
      returning the packet includes encapsulating the packet, using the IP address as an IP destination address, and forwarding the encapsulated packet to the IP destination address.
  - 12. The method recited in claim 10, wherein returning the packet to the originating network device further comprises forwarding the packet to the originating network device through a secure virtual tunnel.
  - 13. The method recited in claim 9, wherein a portion of the handle corresponds to the identity of a port of initial ingress of the packet to the originating network device before being diverted to the checking functionality.
  - 14. The method recited in claim 9, further comprising:
    - in the network chip,receiving the packet from the originating network device, wherein the packet comprises a tunnel-encapsulation header, and wherein the packet was diverted to the network chip using tunnel encapsulation from a path to the original destination by the originating network device.
  - 15. The method recited in claim 14, further comprising:
    - in the network chip,removing the tunnel-encapsulation header of the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Gooch, Mark, LaVigne, Bruce E., Albrecht, Alan R., Jorgensen, Steven G.
Primary Examiner(s)
Chriss, Andrew
Assistant Examiner(s)
KAMARA, MOHAMED A

Application Number

US13/026,803
Publication Number

US 20110134932A1
Time in Patent Office

1,037 Days
Field of Search

370/392, 370/401, 370/409, 370/463, 370/389, 370/389.32, 370/395.52, 709/223, 709/236
US Class Current

370/392
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/00   Arrangements for maintenanc...

H04L 41/34   Signalling channels for net...

H04L 63/029   Firewall traversal, e.g. tu...

Marked packet forwarding

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Marked packet forwarding

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links