System and method for flow table management

US 8,767,551 B2
Filed: 01/25/2012
Issued: 07/01/2014
Est. Priority Date: 01/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

in a system that processes communication packets, maintaining a list of active packet flows and respective actions that are specified for application to the packet flows, and a set of packet processing rules and a list of packet flows;

based on the rules, defining respective actions for application to the packet flows;

accepting a change in the packet processing rules;

classifying an input packet into a packet flow from the list;

verifying that a respective action applicable to the packet flow matches the packet processing rules only upon arrival of a first packet belonging to the packet flow following the change in the packet processing rules;

applying the verified action to the input packet;

classifying the input packets into the packet flows based on the processing rules, and applying to each input packet a respective action in accordance with the list;

defining different respective time-out periods for different ones of the packet flows on the list; and

upon detecting that no packet belonging to a given packet flow was accepted within a respective time-out period of the given packet flow, deleting the given packet flow from the list of the active flows.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for managing the actions that are applied to packet flows by packet processing systems. A packet processing system maintains a flow table, i.e., a list of active flows and respective actions to be applied to the flows. The system classifies each incoming packet into a respective flow, and processes the packet in accordance with the action that is specified for this flow in the flow table. Typically, the system deletes a packet flow from the flow table when it becomes inactive, e.g., when no packets belonging to the flow arrive within a certain time-out period.

Citations

17 Claims

1. A method, comprising:
- in a system that processes communication packets, maintaining a list of active packet flows and respective actions that are specified for application to the packet flows, and a set of packet processing rules and a list of packet flows;
  
  based on the rules, defining respective actions for application to the packet flows;
  
  accepting a change in the packet processing rules;
  
  classifying an input packet into a packet flow from the list;
  
  verifying that a respective action applicable to the packet flow matches the packet processing rules only upon arrival of a first packet belonging to the packet flow following the change in the packet processing rules;
  
  applying the verified action to the input packet;
  
  classifying the input packets into the packet flows based on the processing rules, and applying to each input packet a respective action in accordance with the list;
  
  defining different respective time-out periods for different ones of the packet flows on the list; and
  
  upon detecting that no packet belonging to a given packet flow was accepted within a respective time-out period of the given packet flow, deleting the given packet flow from the list of the active flows.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein maintaining the list comprises storing, for each packet flow, a respective time stamp that indicates a respective time at which a most recent packet belonging to the packet flow was accepted, and wherein detecting that no packet was accepted within the time-out period comprises comparing a current time to the respective time stamp of the given packet flow.
  - 3. The method according to claim 1, wherein maintaining the list comprises storing the time-out periods on the list in association with the respective packet flows.
  - 4. The method according to claim 1, wherein defining the time-out periods comprises applying a predefined criterion to the respective packet flows.
  - 5. The method according to claim 1, wherein defining the time-out periods comprises setting the time-out periods based on respective protocol types used for sending the respective packet flows.
  - 6. The method according to claim 1, wherein defining the time-out periods comprises setting the time-out periods based on respective application types whose data are conveyed by the respective packet flows.
  - 7. The method according to claim 1, wherein, for a first packet flow having a first characteristic inter-packet interval and a second packet flow having a second characteristic inter-packet interval that is larger than the first characteristic inter-packet interval, defining the time-out periods comprises setting respective first and second time-out periods for the first and second packet flows, such that the second time-out period is longer than the first time-out period.
  - 8. The method according to claim 1, and comprising selecting the given packet flow for evaluation of the time-out period based on a predefined selection criterion.
  - 9. The method according to claim 8, wherein maintaining the list comprises representing the list by a hash table, wherein classifying the input packets comprises computing a respective hash index for each input packet and accessing the hash table using the hash index, and wherein the selection criterion specifies, upon receiving a given input packet having a given hash index, selection of one or more of the packet flows corresponding to the given hash index.

10. Apparatus, comprising:
- a memory, which is configured to hold a list of active packet flows and respective actions that are specified for application to the packet flows; and
  
  processing circuitry, which is configured to maintain the list, to classify input packets into the packet flows, wherein the processing circuitry checks whether a rule change has occurred after the previous packet of this flow has arrived, at a change checking step, and if not, proceeds to process the packet according to the action that is specified in field of entry of the flow,wherein the processing circuitry applies to each input packet a respective action in accordance with the list, to define different respective time-out periods for different ones of the packet flows on the list, and, upon detecting that no packet belonging to a given packet flow was accepted within a respective time-out period of the given packet flow, deletes the given packet flow from the list of the active flows.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus according to claim 10, wherein the processing circuitry is configured to store on the list, for each packet flow, a respective time stamp that indicates a respective time at which a most recent packet belonging to the packet flow was accepted, and to detect that no packet was accepted within the time-out period by comparing a current time to the respective time stamp of the given packet flow.
  - 12. The apparatus according to claim 10, wherein the processing circuitry is configured to store the time-out periods on the list in association with the respective packet flows.
  - 13. The apparatus according to claim 10, wherein the processing circuitry is configured to define the time-out periods by applying a predefined criterion to the respective packet flows.
  - 14. The apparatus according to claim 10, wherein the processing circuitry is configured to set the time-out periods based on respective protocol types used for sending the respective packet flows.
  - 15. The apparatus according to claim 10, wherein the processing circuitry is configured to set the time-out periods based on respective application types whose data are conveyed by the respective packet flows.
  - 16. The apparatus according to claim 10, wherein, for a first packet flow having a first characteristic inter-packet interval and a second packet flow having a second characteristic inter-packet interval that is larger than the first characteristic inter-packet interval, the processing circuitry is configured to set respective first and second time-out periods for the first and second packet flows, such that the second time-out period is longer than the first time-out period.
  - 17. The apparatus according to claim 10, wherein the processing circuitry is configured to select the given packet flow for evaluation of the time-out period based on a predefined selection criterion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Goldfarb, Eithan, Altman, Yuval, Frid, Naomi, Yaari, Gur
Primary Examiner(s)
CHAN, SAI MING

Application Number

US13/358,482
Publication Number

US 20120213074A1
Time in Patent Office

888 Days
Field of Search

370/235, 370/392
US Class Current

370/235
CPC Class Codes

H04L 43/026   using flow identification

H04L 47/2441   relying on flow classificat...

H04L 63/1416   Event detection, e.g. attac...

System and method for flow table management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for flow table management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links