公开(公告)号：US12244514B2

公开(公告)日：2025-03-04

申请号：US17858530

申请日：2022-07-06

Applicant: Cisco Technology, Inc.

Inventor： Feng Cao ,  Harikrishnan Pillai ,  Jonathan Rosen

IPC: H04L47/762 ,  G06F11/34 ,  H04L45/00 ,  H04L47/80

Abstract: Intelligent distribution of packet flows may be provided. Compute resource data may be received. Next, packets may be classified into flows that may be persistently mapped to compute resources for a lifetime of the flows. Based on the compute resource data, the flows may then be allocated to the compute resources.

公开(公告)号：US11722525B2

公开(公告)日：2023-08-08

申请号：US17230675

申请日：2021-04-14

Applicant: Cisco Technology, Inc.

Inventor： Shuxian Lou ,  Jie Chu ,  Jonathan Rosen ,  Douglas Michael Toney ,  Harikrishnan Pillai ,  Feng Cao

IPC: H04L29/06 ,  H04L9/40 ,  G06F16/2455

CPC classification number: H04L63/20 ,  G06F16/2455

Abstract: Techniques and mechanisms for IPsec processing of IPsec packets for routing platforms where IPsec is just one or more features in the middle of data path features on the packet processing path and hence, the typical, simple inline IPsec scheme does not work well for such platforms. The techniques include using a hardware look-up table for packet classification and inbound security association (SA) lookup in one pass with IP 5-tuple plus SPI as a lookup key at hardware table. The techniques provide an entry match action format and mechanism for deriving inbound SA dram addresses that may be used by a hardware (HW)/firmware (FW) crypto/IPsec engine to process inbound packet traffic. A software SA look-up table is also provided to overcome hardware look-up table resource limitations and support more IPsec session scaling than the physical hardware look-up table can handle. Additional techniques are described.

公开(公告)号：US20220337627A1

公开(公告)日：2022-10-20

申请号：US17230675

申请日：2021-04-14

Applicant: Cisco Technology, Inc.

Inventor： Shuxian Lou ,  Jie Chu ,  Jonathan Rosen ,  Douglas Michael Toney ,  Harikrishnan Pillai ,  Feng Cao

IPC: H04L29/06 ,  G06F16/2455

Abstract: Techniques and mechanisms for IPsec processing of IPsec packets for routing platforms where IPsec is just one or more features in the middle of data path features on the packet processing path and hence, the typical, simple inline IPsec scheme does not work well for such platforms. The techniques include using a hardware look-up table for packet classification and inbound security association (SA) lookup in one pass with IP 5-tuple plus SPI as a lookup key at hardware table. The techniques provide an entry match action format and mechanism for deriving inbound SA dram addresses that may be used by a hardware (HW)/firmware (FW) crypto/IPsec engine to process inbound packet traffic. A software SA look-up table is also provided to overcome hardware look-up table resource limitations and support more IPsec session scaling than the physical hardware look-up table can handle. Additional techniques are described.

公开(公告)号：US20240015110A1

公开(公告)日：2024-01-11

申请号：US17858530

申请日：2022-07-06

Applicant: Cisco Technology, Inc.

Inventor： Feng Cao ,  Harikrishnan Pillai ,  Jonathan Rosen

IPC: H04L47/762 ,  H04L47/80 ,  H04L45/00 ,  G06F11/34

CPC classification number: H04L47/762 ,  H04L47/801 ,  H04L45/38 ,  G06F11/3409

Abstract: Intelligent distribution of packet flows may be provided. Compute resource data may be received. Next, packets may be classified into flows that may be persistently mapped to compute resources for a lifetime of the flows. Based on the compute resource data, the flows may then be allocated to the compute resources.