Associative cache structure for lookups and updates of flow records in a network monitor

  • US 6,771,646 B1
  • Filed: 06/30/2000
  • Issued: 08/03/2004
  • Est. Priority Date: 06/30/2000
  • Status: Active Grant
1. A packet monitor for examining packet passing through a connection point on a computer network, each packets conforming to one or more protocols, the monitor comprising:

  • (a) a packet acquisition device coupled to the connection point and configured to receive packets passing through the connection point;

    (b) a memory for storing a database comprising flow-entries for previously encountered conversational flows to which a received packet may belong, a conversational flow being an exchange of one or more packets in any direction as a result of an activity corresponding to the flow;

    (c) a cache subsystem coupled to the flow-entry database memory providing for fast access of flow-entries from the flow-entry database;

    (d) a lookup engine coupled to the packet acquisition device and to the cache subsystem and configured to lookup whether a received packet belongs to a flow-entry in the flow-entry database, to looking up being the cache subsystem; and

    (e) a state processor coupled to the lookup engine and to the flow-entry-database memory, the state processor being to perform any state operations specified for the state of the flow starting from the last encountered state of the flow in the case that the packet is from an existing flow, and to perform any state operations required for the initial state of the new flow in the case that the packet is from an existing flow.

