Reverse path forwarding protection of packets using automated population of access control lists based on a forwarding information base
Abstract
Reverse path forwarding protection of packets is provided using automated population of access control lists based on a forwarding information base. One implementation identifies a lookup value by extracting one or more values including a source address from a packet. An access control list lookup operation is performed on an access control list based on the lookup value to identify a permit or a deny condition, the access control list including multiple access control list entries. The packet is processed based on the permit or the deny condition identified by the access control list lookup operation; processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location. The access control list entries are automatically generated based on a forwarding information base.
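As an added illustration of the flow the abstract describes (this is not code from the patent), the sketch below derives access control list entries from a forwarding information base, checks each packet's source against them, and performs the forwarding lookup only on a permit. It assumes a strict reverse-path check in which the lookup value also carries the ingress interface, a first-match access control list, and a constructed sample FIB; all function names are hypothetical.

```python
import ipaddress

# Assumption: strict RPF; lookup value = (source address, ingress interface).
# Constructed sample FIB (prefix, egress interface); not taken from the patent.
SAMPLE_FIB = [("10.1.0.0/16", "eth1"), ("10.1.5.0/24", "eth2"),
              ("192.0.2.0/24", "eth3")]

def build_fib(routes):
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

def generate_acl(fib):
    """Derive ACL entries from the FIB: permit a source prefix on the interface
    the FIB uses to reach it, then deny that prefix on any other interface."""
    acl = []
    for net, ifc in fib:
        acl.append((net, ifc, "permit"))
        acl.append((net, None, "deny"))      # None = any ingress interface
    # First-match order: longest prefix first, permits before denies at equal
    # length, so a covering route never overrides a more specific one.
    acl.sort(key=lambda e: (-e[0].prefixlen, e[2] == "deny"))
    return acl

def acl_lookup(acl, src, in_if):
    """First matching entry wins; no match means no route back to the source."""
    src = ipaddress.ip_address(src)
    for net, ifc, action in acl:
        if src in net and ifc in (None, in_if):
            return action
    return "deny"                            # implicit deny

def fib_lookup(fib, dst):
    """Longest-prefix match on the destination; egress interface or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, ifc) for net, ifc in fib if dst in net]
    return max(hits)[1] if hits else None

def process_packet(acl, fib, src, dst, in_if):
    """ACL check on the source first; forwarding lookup only on permit."""
    if acl_lookup(acl, src, in_if) == "deny":
        return ("drop", None)
    out_if = fib_lookup(fib, dst)
    return ("forward", out_if) if out_if else ("drop", None)

fib = build_fib(SAMPLE_FIB)
acl = generate_acl(fib)
```

Regenerating the list with `generate_acl` whenever the FIB changes keeps the source check aligned with current routing, which is the point of populating it automatically.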
32 Claims
1. A method for processing packets, the method comprising:
identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
automatically generating the access control list entries based on a forwarding information base.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for processing packets, the apparatus comprising:
means for identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
means for performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
means for processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
means for automatically generating the access control list entries based on a forwarding information base.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus comprising:
a lookup value generator configured to generate a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
an access control list lookup mechanism configured to perform an access control list lookup operation in an access control list based on the lookup word to identify a permit or a deny condition;
a packet processor configure to process the packet based on the permit or the deny condition identified by the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
an access control list generator configured to automatically generate entries in the access control list based on the forwarding information base.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A computer-readable medium containing computer-executable instructions for performing steps for processing packets, said steps comprising:
identifying a lookup value by extracting one or more values from a packet, said one or more values including a source address of the packet;
performing an access control list lookup operation in an access control list based on the lookup value to identify a permit or a deny condition, wherein the access control list includes access control list entries;
processing the packet based on the permit or the deny condition identified in said performing the access control list lookup operation, wherein said processing the packet based on the permit condition includes performing a forwarding lookup operation on a representation of a forwarding information base to identify a location and forwarding the packet to the location; and
automatically generating the access control list entries based on a forwarding information base.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
Specification