Rule swapping in a packet network
DC CAFCFirst Claim
Patent Images
1. A method comprising:
- receiving, by a network protection device, a first rule set and a second rule set;
preprocessing, by the network protection device, the first rule set and the second rule set to optimize performance of the network protection device for processing packets in accordance with at least one of the first rule set or the second rule set;
configuring at least two processors of the network protection device to process packets in accordance with the first rule set;
after the preprocessing and the configuring, receiving, by the network protection device, a plurality of packets;
processing, by the network protection device and in accordance with the first rule set, a portion of the plurality of packets;
signaling, each processor of the at least two processors, to process packets in accordance with the second rule set; and
configuring, each processor of the at least two processors, to responsive to the signaling to process packets in accordance with the second rule set;
cease processing of one or more packets;
cache the one or more packets;
reconfigure to process packets in accordance with the second rule set;
signal completion of reconfiguration to process packets in accordance with the second rule set; and
responsive to receiving signaling that each other processor of the at least two processors has completed reconfiguration to process packets in accordance with the second rule set, process, in accordance with the second rule set, the one or more packets.
4 Assignments
Litigations
0 Petitions
Accused Products
Abstract
In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set.
64 Citations
24 Claims
-
1. A method comprising:
-
receiving, by a network protection device, a first rule set and a second rule set; preprocessing, by the network protection device, the first rule set and the second rule set to optimize performance of the network protection device for processing packets in accordance with at least one of the first rule set or the second rule set; configuring at least two processors of the network protection device to process packets in accordance with the first rule set; after the preprocessing and the configuring, receiving, by the network protection device, a plurality of packets; processing, by the network protection device and in accordance with the first rule set, a portion of the plurality of packets; signaling, each processor of the at least two processors, to process packets in accordance with the second rule set; and configuring, each processor of the at least two processors, to responsive to the signaling to process packets in accordance with the second rule set; cease processing of one or more packets; cache the one or more packets; reconfigure to process packets in accordance with the second rule set; signal completion of reconfiguration to process packets in accordance with the second rule set; and responsive to receiving signaling that each other processor of the at least two processors has completed reconfiguration to process packets in accordance with the second rule set, process, in accordance with the second rule set, the one or more packets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
a plurality of processors; and a memory comprising instructions that when executed by at least one processor of the plurality of processors cause the system to; receive a first rule set and a second rule set; preprocess the first rule set and the second rule set to optimize performance of the system for processing packets in accordance with at least one of the first rule set or the second rule set; configure at least two processors of the plurality of processors to process packets in accordance with the first rule set; after preprocessing the first rule set and the second rule set and configuring the at least two processors to process packets in accordance with the first rule set, receive a plurality of packets; process, in accordance with the first rule set, a portion of the plurality of packets; signal, each processor of the at least two processors, to process packets in accordance with the second rule set; and configure, each processor of the at least two processors to, responsive to being signaled to process packets in accordance with the second rule set; cease processing of one or more packets; cache the one or more packets; reconfigure to process packets in accordance with the second rule set; signal completion of reconfiguration to process packets in accordance with the second rule set; and responsive to receiving signaling that each other processor of the at least two processors has completed reconfiguration to process packets in accordance with the second rule set, process, in accordance with the second rule set, the one or more packets. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. One or more non-transitory computer-readable media comprising instructions that when executed by a computing system cause the computing system to:
-
receive a first rule set and a second rule set; preprocess the first rule set and the second rule set to optimize performance of the computing system for processing packets in accordance with at least one of the first rule set or the second rule set; configure at least two processors of the computing system to process packets in accordance with the first rule set; after preprocessing the first rule set and the second rule set and configuring the at least two processors to process packets in accordance with the first rule set, receive a plurality of packets; process, in accordance with the first rule set, a portion of the plurality of packets; signal, each processor of the at least two processors, to process packets in accordance with the second rule set; and configure, each processor of the at least two processors to, responsive to being signaled to process packets in accordance with the second rule set; cease processing of one or more packets; cache the one or more packets; reconfigure to process packets in accordance with the second rule set; signal completion of reconfiguration to process packets in accordance with the second rule set; and responsive to receiving signaling that each other processor of the at least two processors has completed reconfiguration to process packets in accordance with the second rule set, process, in accordance with the second rule set, the one or more packets. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification