Variable-based forwarding path construction for packet processing within a network device

US 8,948,174 B2
Filed: 06/29/2011
Issued: 02/03/2015
Est. Priority Date: 06/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

installing, to an integrated circuit of a network device forwarding plane, a packet processing template that defines a plurality of internal execution paths within the integrated circuit for processing a plurality of packet flows mapped to the packet processing template, each of the plurality of internal execution paths including a common service object and one or more distinct service objects respectively representing corresponding hardware of the integrated circuit and chained together as a series of next hop operations applied by the integrated circuit,wherein different values for a variable of the packet processing template determine, at least in part, the internal execution paths of the plurality of internal execution paths for processing different packet flows of the plurality of packet flows;

installing, to the network device forwarding plane, a first subscriber record for a first packet flow of the plurality of packet flows, wherein the first subscriber record includes a first variable value for the variable that identifies a first internal execution path of the plurality of internal execution paths;

in response to receiving a first packet associated with the first packet flow, determining, by the integrated circuit of the network device forwarding plane based at least in part on the first subscriber record, the first variable value of the first subscriber record for the first packet flow; and

in response to determining the first variable value identifies the first internal execution path of the plurality of execution paths, processing, by the integrated circuit of the network device forwarding plane, the first packet using the first internal execution path of the plurality of internal execution paths.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet processing template. A forwarding plane of the network device receives and maps subscriber packets to an associated subscriber record and then processes the packet by executing the packet processing template specified by the subscriber record. When the forwarding plane reaches a variable while executing the specified packet processing template, the forwarding plane reads the associated variable value from the subscriber record to identify and then apply the subscriber-specific service object specified by the variable.

53 Citations

View as Search Results

32 Claims

1. A method comprising:
- installing, to an integrated circuit of a network device forwarding plane, a packet processing template that defines a plurality of internal execution paths within the integrated circuit for processing a plurality of packet flows mapped to the packet processing template, each of the plurality of internal execution paths including a common service object and one or more distinct service objects respectively representing corresponding hardware of the integrated circuit and chained together as a series of next hop operations applied by the integrated circuit,wherein different values for a variable of the packet processing template determine, at least in part, the internal execution paths of the plurality of internal execution paths for processing different packet flows of the plurality of packet flows;
  
  installing, to the network device forwarding plane, a first subscriber record for a first packet flow of the plurality of packet flows, wherein the first subscriber record includes a first variable value for the variable that identifies a first internal execution path of the plurality of internal execution paths;
  
  in response to receiving a first packet associated with the first packet flow, determining, by the integrated circuit of the network device forwarding plane based at least in part on the first subscriber record, the first variable value of the first subscriber record for the first packet flow; and
  
  in response to determining the first variable value identifies the first internal execution path of the plurality of execution paths, processing, by the integrated circuit of the network device forwarding plane, the first packet using the first internal execution path of the plurality of internal execution paths.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the first variable value specifies a first service object of the one or more distinct service objects of the first internal execution path, the method further comprising:
    - determining the first variable value of the first subscriber record; and
      
      responsive to determining the first variable value, applying the first service object to the first packet.
  - 3. The method of claim 1, further comprising:
    - installing, to the network device forwarding plane, a second subscriber record for a second packet flow of the plurality of packets flows, wherein the second subscriber record includes a second variable value for the variable that identifies a second internal execution path of the plurality of internal execution paths;
      
      in response to receiving, with the network device, a second packet associated with the second packet flow, determining, by the integrated circuit of the network device forwarding plane based at least in part on the second subscriber record, the second variable value of the second subscriber record for the second packet flow;
      
      in response to determining the second variable value identifies the second internal execution path of the plurality of execution paths, processing, by the integrated circuit of the network device forwarding plane, the second packet using the second internal execution path of the plurality of internal execution paths.
  - 4. The method of claim 1, further comprising:
    - allocating a service object in the integrated circuit of the network device forwarding plane, wherein the service object comprises one of the one or more distinct service objects of the first internal execution path of the plurality of execution paths; and
      
      adding a service descriptor for the service object to the first subscriber record as the first variable value,wherein processing the first packet using the first internal execution path of the plurality of execution paths comprises;
      
      determining the first variable value for the first subscriber record to identify the service descriptor;
      
      resolving the service descriptor to the service object; and
      
      executing the service object to apply a first service to the first packet.
  - 5. The method of claim 4, wherein the service object is selected from the group consisting of a filter, classifier, class of service queue, counter, policer, lawful intercept component, traffic flow template, routing table, or mobility tunnel endpoint identifier handler.
  - 6. The method of claim 1, wherein processing the first packet using the first internal execution path of the plurality of execution paths comprises applying, by the integrated circuit of the network device forwarding plane, the common service to the first packet.
  - 7. The method of claim 1, further comprising:
    - setting a default service object for the variable in the packet processing template, the default service object representing a hardware of the integrated circuit;
      
      installing, to the network device forwarding plane, a second subscriber record for a second packet flow that is different than the first packet flow;
      
      receiving a second packet associated with the second packet flow;
      
      applying, by the integrated circuit of the network device forwarding plane, a second service object to the second packet if the second subscriber record specifies a second variable value for the variable that specifies the second service object, the second service object representing a hardware of the integrated circuit; and
      
      applying the default service object to the second packet only if second subscriber record does not specify a second variable value for the variable.
  - 8. The method of claim 1, further comprising:
    - installing, to the network device forwarding plane, a second subscriber record for a second packet flow that is different than the first packet flow;
      
      receiving a second packet associated with the second packet flow;
      
      applying, by the integrated circuit of the network device forwarding plane, a second service object to the second packet if the second subscriber record specifies a second variable value for the variable that specifies the second service object, the second service object representing a hardware of the integrated circuit; and
      
      applying no operation to the second packet for the variable if the second subscriber record does not specify a second variable value for the variable.
  - 9. The method of claim 1, wherein the first subscriber record specifies the packet processing template.
  - 10. The method of claim 1, further comprising:
    - associating the packet processing template with a logical interface that determines a common set of services for the plurality of packet flows mapped to the logical interface; and
      
      specifying the logical interface in the first subscriber record.
  - 11. The method of claim 10, further comprising:
    - installing, to the network device forwarding plane, a second subscriber record for a second packet flow of the plurality of packet flows; and
      
      specifying the logical interface in the second subscriber record.
  - 12. The method of claim 1, further comprising:
    - adding, to the first subscriber record, a subscriber record lookup key that uniquely identifies the first subscriber record;
      
      applying a hash function to the first packet to generate a hash index, wherein the hash index references the first subscriber record; and
      
      matching the subscriber record lookup key to the first packet to associate the first subscriber record with the first packet.
  - 13. The method of claim 12, further comprising:
    - adding, to the network device forwarding plane, a subscriber termination model lookup key that specifies one or more packet parameters, wherein values for the packet parameters uniquely identify a packet flow for a subscriber termination model; and
      
      applying the hash function to values of the first packet for the packet parameters, wherein the network device receives the first packet in a subscriber connection that conforms to the subscriber termination model.
  - 14. The method of claim 1, further comprising:
    - storing first subscriber record data to a record buffer of the forwarding plane; and
      
      processing the first packet with the packet processing template using the first subscriber record data.
  - 15. The method of claim 1, further comprising:
    - identifying, with a control plane of the network device, a common service for application to multiple packet flows;
      
      generating the packet processing template with the control plane to include the common service object for the common service;
      
      installing, with the control plane, the packet processing template to the forwarding plane.
  - 16. The method of claim 1, further comprising:
    - generating the first subscriber record with the control plane;
      
      sending the first subscriber record from the control plane to the network device forwarding plane.

17. A network device comprising:
- an interface card;
  
  a control unit comprising one or more processors; and
  
  an integrated circuit associated with the interface card, the integrated circuit comprising;
  
  a key engine;
  
  a packet processing template that defines a plurality of internal execution paths within the integrated circuit for processing a plurality of packet flows mapped to the packet processing template, each of the plurality of internal execution paths including a common service object and one or more distinct service objects respectively representing corresponding hardware of the integrated circuit and chained together as a series of next hop operations applied by the integrated circuit,wherein different values for a variable of the packet processing template determine, at least in part, the internal execution paths of the plurality of internal execution paths for processing different packet flows of the plurality of packet flows; and
  
  a first subscriber record for a first packet flow of the plurality of packet flows, wherein the first subscriber record includes a first variable value for the variable that identifies a first internal execution path of the plurality of internal execution paths,wherein the interface card receives a first packet associated the first packet flow, andwherein the key engine, in response to receiving the first packet and based at least in part on the first subscriber record, determines the first variable value of the first subscriber record for the first packet flow, andwherein the key engine, in response to determining the first variable value identifies the first internal execution path of the plurality of execution paths, processes the first packet using the first internal execution path of the plurality of internal execution paths.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 18. The network device of claim 17,wherein the first variable value specifies a first service object of the one or more distinct service objects of the first internal execution path,wherein the key engine determines the first variable value of the first subscriber record and, responsive to determining the first variable value, applies the first service object to the first packet.
  - 19. The network device of claim 17,wherein the forwarding component further comprises a second subscriber record for a second packet flow of the plurality of packets flows, wherein the second subscriber record includes a second variable value for the variable that identifies a second internal execution path of the plurality of internal execution paths,wherein the interface card receives a second packet associated with the second packet flow,wherein the key engine determines, based at least in part on the second subscriber record, the second variable value of the second subscriber record for the second packet flow, andwherein the key engine, in response to determining the second variable value identifies the second internal execution path of the plurality of execution paths, processes the second packet using the second internal execution path of the plurality of internal execution paths.
  - 20. The network device of claim 17, further comprising:
    - a daemon executed by the processors that manages subscriber services for the network device; and
      
      a forwarding component interface executed by the processors,wherein the daemon invokes the forwarding component interface to allocate a service object in the integrated circuit, wherein the service object comprises one of the one or more distinct service objects of the first internal execution path of the plurality of execution paths,wherein the daemon generates the first subscriber record by adding a service descriptor for the service object to the first subscriber record as the first variable value,wherein the daemon invokes the forwarding component interface to send the subscriber record to the forwarding component,wherein the key engine, to execute the packet processing template, determines the first variable value for the first subscriber record to identify the service descriptor, resolves the service descriptor to the service object, and executes the service object to apply a first service to the first packet.
  - 21. The network device of claim 17, wherein the service object is selected from the group consisting of a filter, classifier, class of service queue, counter, policer, lawful intercept component, traffic flow template, routing table, or mobility tunnel endpoint identifier handler.
  - 22. The network device of claim 17, wherein the first subscriber record specifies the packet processing template.
  - 23. The network device of claim 17, further comprising:
    - a logical interface of the integrated circuit that determines a common set of services for the plurality of packet flows mapped to the logical interface and is associated with the packet processing template,wherein the first subscriber record specifies the logical interface.
  - 24. The network device of claim 23,wherein the integrated circuit further comprises a second subscriber record that includes a second variable value for the variable that specifies a second service object, andwherein the second subscriber record specifies the logical interface.
  - 25. The network device of claim 17, further comprising:
    - a subscriber record lookup key of the first subscriber record that uniquely identifies the first subscriber record; and
      
      a hash engine that applies a hash function to the first packet to generate an index, wherein the hash index references the first subscriber record, and wherine the hash engine matches the subscriber record lookup key to the first packet to associate the first subscriber record with the first packet.
  - 26. The network device of claim 25, further comprising:
    - a subscriber interface for a subscriber connection that conforms to a subscriber termination model; and
      
      a lookup key table that includes a subscriber termination model lookup key that specifies one or more packet parameters, wherein values for the packet parameters uniquely identify a packet flow for the subscriber termination model,wherein the interface card receives the first packet in the subscriber connection, andwherein the hash engine applies the hash function to values of the first packet for the packet parameters.
  - 27. The network device of claim 17, further comprising:
    - a record buffer of the integrated circuit that stores first subscriber record data while the key engine processes the first packet,wherein the key engine processes the first packet with the packet processing template using the first subscriber record data.
  - 28. The network device of claim 17, further comprising:
    - a daemon executed by the processors that manages subscriber services for the network device,a forwarding component interface to the integrated circuit executed by the processors,wherein the daemon identifies a common service for application to multiple packet flows, generates the packet processing template to include the common service object of the integrated circuit for the common service, and invokes the forwarding component interface to install the packet processing template to the forwarding component.
  - 29. The network device of claim 17, further comprising:
    - a daemon executed by the processors that manages subscriber services for the network device,a forwarding component interface to the integrated circuit executed by the processors,wherein the daemon generates the first subscriber record and invokes the forwarding component interface to send the first subscriber record to the integrated circuit.

30. A non-transitory computer-readable medium comprising instructions for causing one or more programmable processors and an integrated circuit of a network device forward plane to:
- install, to the integrated circuit of a network device forwarding plane, a packet processing template that defines a plurality of internal execution paths within the integrated circuit for processing a plurality of packet flows mapped to the packet processing template, each of the plurality of internal execution paths including a common service object and one or more distinct service objects respectively representing corresponding hardware of the integrated circuit and chained together as a series of next hop operations applied by the integrated circuit,wherein different values for a variable of the packet processing template determine, at least in part, the internal execution paths of the plurality of internal execution paths for processing different packet flows of the plurality of packet flows;
  
  install, to the network device forwarding plane, a first subscriber record for a first packet flow of the plurality of packet flows, wherein the first subscriber record includes a first variable value for the variable that identifies a first internal execution path of the plurality of internal execution paths;
  
  in response to receiving a first packet associated with the first packet flow, determine, by the integrated circuit of the network device forwarding plane based at least in part on the first subscriber record, the first variable value of the first subscriber record for the first packet flow; and
  
  in response to determining the first variable value identifies the first internal execution path of the plurality of execution paths, process, by the integrated circuit of the network device forwarding plane, the first packet using the first internal execution path of the plurality of internal execution paths.
- View Dependent Claims (31, 32)
- - 31. The non-transitory computer-readable medium of claim 30, wherein the first variable value specifies a first service object of the one or more distinct service objects of the first internal execution path, and wherein the instructions further cause the integrated circuit to:
    - determine the first variable value of the first subscriber record; and
      
      responsive to determining the first variable value, apply the first service object to the first packet.
  - 32. The non-transitory computer-readable medium of claim 31, wherein the instructions further cause the one or more programmable processors and the integrated circuit of the network device forward plane to:
    - install, to the network device forwarding plane, a second subscriber record for a second packet flow of the plurality of packets flows, wherein the second subscriber record includes a second variable value for the variable that identifies a second internal execution path of the plurality of internal execution paths;
      
      in response to receiving, with the network device, a second packet associated with the second packet flow, determine, by the integrated circuit of the network device forwarding plane based at least in part on the second subscriber record, the second variable value of the second subscriber record for the second packet flow;
      
      in response to determining the second variable value identifies the second internal execution path of the plurality of execution paths, processing, by the integrated circuit of the network device forwarding plane, the second packet using the second internal execution path of the plurality of internal execution paths.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Szyszko, Andrzej, Mehta, Apurva, Mehta, Kumar, Krishna, Gopi, Grandhi, Jagadish, Attarwala, Murtuza
Primary Examiner(s)
Li, Guang

Application Number

US13/172,505
Publication Number

US 20130003736A1
Time in Patent Office

1,315 Days
Field of Search

370/392
US Class Current

370/392
CPC Class Codes

H04L 41/5048   Automatic or semi-automatic...

H04L 45/56   Routing software

H04L 45/745   Address table lookup; Addre...

H04L 47/2441   relying on flow classificat...

Variable-based forwarding path construction for packet processing within a network device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Variable-based forwarding path construction for packet processing within a network device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links