Apparatus and method for traffic filtering in a communication system
First Claim
1. A method, comprising:
receiving traffic through a first interface in a first group of interfaces at a switch, the first group of interfaces associated with a first virtual network and coupled to a switch fabric in the switch;
determining that the traffic is destined for a destination associated with a second virtual network;
forwarding the traffic from the switch fabric through a second interface in the first group of interfaces to a third interface in a second group of interfaces at the switch, the second group of interfaces associated with the second virtual network and coupled to the switch fabric in the switch, wherein the switch fabric does not transport the traffic from the second interface to the third interface;
filtering the traffic that is received at the third interface in the second group of interfaces, wherein filtering the traffic comprises at least one of:
(1) determining whether a traffic type associated with the traffic represents a specified traffic type, and (2) determining whether a port associated with the traffic represents a specified port; and
communicating the filtered traffic from the switch fabric towards the destination through a fourth interface in the second group of interfaces;
wherein the specified traffic type comprises Address Resolution Protocol (ARP) broadcast traffic, multicast test traffic, and Network Timing Protocol (NTP) traffic; and
wherein the specified port comprises a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port that is within a specified range of ports and that is associated with unicast traffic.
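The two determinations in the filtering step, written out as a frame classifier. This is an added example, not code from the patent or its assignee. Assumptions not stated in the claim: traffic that matches a specified type or port is forwarded and everything else is dropped, NTP is recognised by UDP destination port 123, and the multicast test group address and the port range are constructed values.

```python
import struct

BROADCAST = b"\xff" * 6
TEST_GROUP_MAC = bytes.fromhex("01005e000164")  # assumption: multicast test group
PORT_RANGE = range(50000, 50100)                # assumption: "specified range of ports"
NTP_PORT = 123                                  # UDP port registered for NTP

def classify(frame: bytes) -> str:
    """Name the claim-1 category a raw Ethernet frame falls into, else 'other'."""
    if len(frame) < 14:
        return "other"
    dst = frame[:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x0806 and dst == BROADCAST:
        return "arp-broadcast"
    if dst == TEST_GROUP_MAC:
        return "multicast-test"
    if ethertype != 0x0800 or len(frame) < 34:
        return "other"
    ihl = (frame[14] & 0x0F) * 4
    proto, l4 = frame[23], 14 + ihl
    (frag,) = struct.unpack("!H", frame[20:22])
    # Only first fragments of TCP (6) / UDP (17) carry a port to inspect.
    if ihl < 20 or proto not in (6, 17) or frag & 0x1FFF or len(frame) < l4 + 4:
        return "other"
    (dport,) = struct.unpack("!H", frame[l4 + 2:l4 + 4])
    if proto == 17 and dport == NTP_PORT:
        return "ntp"
    if not dst[0] & 0x01 and dport in PORT_RANGE:   # I/G bit clear = unicast
        return "unicast-port"
    return "other"

def permit(frame: bytes) -> bool:
    """Assumed policy: forward only traffic that matched a specified type or port."""
    return classify(frame) != "other"

def ipv4_frame(dst_mac: bytes, proto: int, dport: int) -> bytes:
    """Build a constructed sample frame (addresses and source port are made up)."""
    eth = dst_mac + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([10, 1, 0, 5]), bytes([10, 2, 0, 9]))
    return eth + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

HOST = bytes.fromhex("020000000002")  # constructed unicast destination MAC
SAMPLES = {
    "arp": BROADCAST + bytes.fromhex("020000000001") + b"\x08\x06" + bytes(28),
    "ntp": ipv4_frame(HOST, 17, 123),
    "in-range": ipv4_frame(HOST, 6, 50010),
    "out-of-range": ipv4_frame(HOST, 6, 445),
}
```

A frame sent to a broadcast or multicast address never qualifies under the port test, because the claim ties the specified port to unicast traffic.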
Abstract
A method includes receiving traffic through a first interface in a first group of interfaces at a switch. The first group of interfaces is associated with a first virtual network. The method also includes determining that the traffic is destined for a destination associated with a second virtual network and forwarding the traffic to a second interface in a second group of interfaces at the switch. The second group of interfaces is associated with the second virtual network. The method further includes filtering the traffic that is received at the second interface in the second group of interfaces and communicating the filtered traffic towards the destination. The first and second virtual networks could represent Virtual Local Area Networks associated with different network levels of a process control system.
17 Claims
1. A method, comprising: (full text given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus, comprising:
a plurality of interfaces comprising a first group of interfaces associated with a first virtual network and a second group of interfaces associated with a second virtual network;
a switch fabric coupled to the first and second groups of interfaces and configured to transport traffic between the interfaces; and
a controller configured to:
determine that traffic received through a first interface in the first group of interfaces is destined for a destination associated with the second virtual network;
cause the switch fabric to forward the traffic from the switch fabric through a second interface in the first group of interfaces to a third interface in the second group of interfaces, wherein the switch fabric does not transport the traffic from the second interface to the third interface;
filter the traffic that is received at the third interface in the second group of interfaces, wherein the controller is configured to filter the traffic by at least one of:
(1) determining whether a traffic type associated with the traffic represents a specified traffic type, and (2) determining whether a port associated with the traffic represents a specified port; and
cause the switch fabric to forward the filtered traffic from the switch fabric to a fourth interface in the second group of interfaces for communication of the filtered traffic towards the destination;
wherein the specified traffic type comprises Address Resolution Protocol (ARP) broadcast traffic, multicast test traffic, and Network Timing Protocol (NTP) traffic; and
wherein the specified port comprises a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port that is within a specified range of ports and that is associated with unicast traffic.
Dependent claims: 9, 10, 11, 12, 13
14. A system, comprising:
a plurality of switches configured to facilitate communication between a plurality of endpoints, at least one of the switches comprising:
a plurality of interfaces comprising a first group of interfaces associated with a first virtual network and a second group of interfaces associated with a second virtual network;
a switch fabric coupled to the first and second groups of interfaces and configured to transport traffic between the interfaces; and
a controller configured to:
determine that traffic received through a first interface in the first group of interfaces is destined for an endpoint associated with the second virtual network;
cause the switch fabric to forward the traffic from the switch fabric through a second interface in the first group of interfaces to a third interface in the second group of interfaces, wherein the switch fabric does not transport the traffic from the second interface to the third interface;
filter the traffic that is received at the third interface in the second group of interfaces, wherein the controller is configured to filter the traffic by at least one of:
(1) determining whether a traffic type associated with the traffic represents a specified traffic type, and (2) determining whether a port associated with the traffic represents a specified port; and
cause the switch fabric to forward the filtered traffic from the switch fabric to a fourth interface in the second group of interfaces for communication of the filtered traffic towards the endpoint associated with the second virtual network;
wherein the specified traffic type comprises Address Resolution Protocol (ARP) broadcast traffic, multicast test traffic, and Network Timing Protocol (NTP) traffic; and
wherein the specified port comprises a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port that is within a specified range of ports and that is associated with unicast traffic.
Dependent claims: 15, 16, 17
Specification