Method and apparatus for two-stage packet classification using most specific filter matching and transport level sharing
First Claim
Patent Images
1. A method comprising:
- determining a result based upon a network path of a received packet;
identifying, from a plurality of bins, at least one bin corresponding to the result, each of the plurality of bins including a number of sets of fields; and
searching the at least one corresponding bin to identify a set of fields matching the packet.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for two-stage packet classification, the two-stage packet classification scheme including a first stage and a second stage. In the first classification stage, a packet is classified on the basis of the packet'"'"'s network path. In the second stage of classification, the packet is classified on the basis of one or more transport (or other) fields of the packet. Also disclosed are embodiments of most specific filter matching and transport level sharing, and either one or both of these techniques may be implemented in the two-stage classification method.
115 Citations
70 Claims
-
1. A method comprising:
-
determining a result based upon a network path of a received packet;
identifying, from a plurality of bins, at least one bin corresponding to the result, each of the plurality of bins including a number of sets of fields; and
searching the at least one corresponding bin to identify a set of fields matching the packet. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method comprising:
-
receiving a packet, the packet having a header including a source address, a destination address, and a number of other fields;
identifying, from a number of entries in a data structure, an entry having a source address prefix matching the source address of the packet, the matching entry including a first identifier;
identifying, from a number of entries in another data structure, an entry having a destination address prefix matching the destination address of the packet, the matching entry including a second identifier;
identifying, from a number of bins, a bin corresponding to the first and second identifiers, the corresponding bin including a number of sets of transport level fields; and
comparing at least one of the other fields of the packet header with each set of transport level fields in the corresponding bin to find a matching set of transport level fields. - View Dependent Claims (8, 9, 10)
-
-
11. A method comprising:
-
receiving a packet, the packet having a header including a source address, a destination address, and a number of transport level fields;
searching a source address data structure to find a first index and a third index, the first index associated with a fully specified filter having a source prefix matching the source address of the packet, the third index associated with a partially specified filter having a source prefix matching the source address of the packet;
searching a destination address data structure to find a second index and a fourth index, the second index associated with a fully specified filter having a destination prefix matching the destination address of the packet, the fourth index associated with a partially specified filter having a destination prefix matching the destination address of the packet;
forming a key from the first and second indexes;
searching a primary table for an entry matching the key, the primary table including a number of entries, each entry corresponding to one of a fully specified filter, a fully specified filter intersection, and an indicator filter; and
if a matching entry is found in the primary table, accessing a list of bin pointers associated with the matching entry, each bin pointer of the list identifying a bin containing a number of sets of transport level fields. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
grouping a plurality of rules of a packet classification database into a number of rule sets, each rule set including rules having a source and destination address pair, each rule set associated with a filter corresponding to the source and destination address pair;
associating a small bin with each of the filters, each small bin including a group of a number of sets of transport level fields, each set of transport level fields in the group associated with one of the rules in the associated rule set. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A data structure comprising:
-
a plurality of filters, each filter including a source address prefix and a destination address prefix; and
a plurality of bins, each bin comprising a number of triplets, each triplet including at least one transport level field, an action, and a priority;
wherein each of the plurality of filters is associated with at least one of the bins. - View Dependent Claims (34, 35, 36, 37, 38)
-
-
39. A data structure comprising:
-
a source address data structure, the source address data structure including a number of entries, each of the entries having a source prefix, a filter type, and an index;
a destination address data structure, the destination address data structure including a number of entries, each of the entries having a destination prefix, a filter type, and an index;
a primary table, the primary table including a number of entries, each of the entries having a key and at least one bin pointer, wherein each of the entries is associated with one of a fully specified filter, a fully specified filter intersection, and an indicator filter; and
two secondary tables, each of the secondary tables including a number of entries, each of the entries having a key and at least one bin pointer, wherein each entry of each of the two secondary tables is associated with a partially specified filter. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. An apparatus comprising:
-
a processing device;
a memory coupled with the processing device, the memory having a first data structure stored therein, the first data structure including a source address look-up data structure, the source address look-up data structure including a number of entries, each of the entries having a source prefix, a filter type, and an index, a destination address look-up data structure, the destination address look-up data structure including a number of entries, each of the entries having a destination prefix, a filter type, and an index, a primary table, the primary table including a number of entries, each of the entries having a key and at least one bin pointer, wherein each of the entries is associated with one of a fully specified filter, a fully specified filter intersection, and an indicator filter, and two secondary tables, each of the secondary tables including a number of entries, each of the entries having a key and at least one bin pointer, wherein each entry of each of the two secondary tables is associated with a partially specified filter. - View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
-
-
61. An apparatus comprising:
-
a content addressable memory (CAM), the CAM having stored therein a plurality of bins, each of the bins including a number of sets of fields; and
a processing device coupled with CAM, the processing device capable of determining a result based upon the network path of the packet and identify, from the plurality of bins, at least one bin corresponding to the result, the CAM to search the at least one corresponding bin to identify a set of fields matching the packet. - View Dependent Claims (62, 63, 64)
-
-
65. An article of manufacture comprising:
a machine accessible medium providing content that, when accessed by a machine, causes the machine to determine a result based upon a network path of a received packet;
identify, from a plurality of bins, at least one bin corresponding to the result, each of the plurality of bins including a number of sets of fields; and
search the at least one corresponding bin to identify a set of fields matching the packet. - View Dependent Claims (66, 67, 68, 69, 70)
Specification