Mechanism for wire-speed stateful packet inspection in packet processors
    1.
    发明授权
    Mechanism for wire-speed stateful packet inspection in packet processors 有权
    分组处理器中线速状态包检测的机制

    公开(公告)号:US09319351B1

    公开(公告)日:2016-04-19

    申请号:US14090368

    申请日:2013-11-26

    CPC分类号: H04L47/2441 H04L45/745

    摘要: A packet processor includes an extraction circuit, a lookup circuit, an assignment circuit, a rule matching circuit, and an action circuit. The extraction circuit generates a first set of values based on a first packet. The lookup circuit stores metadata values. Each of the metadata values corresponds to a respective metadata identifier. The assignment circuit assigns a first metadata identifier to the first packet. The lookup circuit selectively retrieves a first metadata value that corresponds to the first metadata identifier. The rule matching circuit selects a first rule from among a predetermined set of rules based on the first set of values and the first metadata value. The action circuit identifies a first action specified by the first rule and performs the first action. The first action includes modifying the first metadata value of the plurality of metadata values.

    摘要翻译: 分组处理器包括提取电路,查找电路,分配电路,规则匹配电路和动作电路。 提取电路基于第一分组生成第一组值。 查找电路存储元数据值。 每个元数据值对应于相应的元数据标识符。 分配电路将第一元数据标识符分配给第一分组。 查找电路选择性地检索对应于第一元数据标识符的第一元数据值。 规则匹配电路基于第一组值和第一元数据值从预定规则集合中选择第一规则。 动作电路识别由第一规则指定的第一动作并执行第一动作。 第一动作包括修改多个元数据值的第一元数据值。

    Packet forwarding apparatus and method
    2.
    发明授权
    Packet forwarding apparatus and method 有权
    分组转发装置和方法

    公开(公告)号:US09203735B2

    公开(公告)日:2015-12-01

    申请号:US14188484

    申请日:2014-02-24

    摘要: A network device includes a plurality of physical ports configured to be coupled to one or more networks, and a processor device configured to process packets. The processor device includes a processor configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via a source physical port of the plurality of physical ports. The source logical port information is assigned based on one or more characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any physical port. The processor device also includes a forwarding engine processor configured to determine one or more egress logical ports for forwarding the data packet, map the egress logical port(s) to respective egress physical port(s) of the plurality of physical ports, and forward the data packet to the egress physical port(s) based on the mapping.

    摘要翻译: 网络设备包括被配置为耦合到一个或多个网络的多个物理端口,以及被配置为处理分组的处理器设备。 处理器设备包括处理器,其被配置为实现逻辑端口分配机制,以将源逻辑端口信息分配给经由多个物理端口的源物理端口接收的数据包。 根据数据包的一个或多个特性分配源逻辑端口信息,源逻辑端口信息对应于与任何物理端口不同的逻辑实体。 处理器设备还包括转发引擎处理器,其被配置为确定用于转发数据分组的一个或多个出口逻辑端口,将出口逻辑端口映射到多个物理端口的相应出口物理端口,并且转发 基于映射的到出口物理端口的数据分组。

    Packet Forwarding Apparatus and Method
    3.
    发明申请
    Packet Forwarding Apparatus and Method 审中-公开
    分组转发设备和方法

    公开(公告)号:US20140169382A1

    公开(公告)日:2014-06-19

    申请号:US14188484

    申请日:2014-02-24

    摘要: A network device includes a plurality of physical ports configured to be coupled to one or more networks, and a processor device configured to process packets. The processor device includes a processor configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via a source physical port of the plurality of physical ports. The source logical port information is assigned based on one or more characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any physical port. The processor device also includes a forwarding engine processor configured to determine one or more egress logical ports for forwarding the data packet, map the egress logical port(s) to respective egress physical port(s) of the plurality of physical ports, and forward the data packet to the egress physical port(s) based on the mapping.

    摘要翻译: 网络设备包括被配置为耦合到一个或多个网络的多个物理端口,以及被配置为处理分组的处理器设备。 处理器设备包括处理器,其被配置为实现逻辑端口分配机制,以将源逻辑端口信息分配给经由多个物理端口的源物理端口接收的数据包。 根据数据包的一个或多个特性分配源逻辑端口信息,源逻辑端口信息对应于与任何物理端口不同的逻辑实体。 处理器设备还包括转发引擎处理器,其被配置为确定用于转发数据分组的一个或多个出口逻辑端口,将出口逻辑端口映射到多个物理端口的相应出口物理端口,并且转发 基于映射的到出口物理端口的数据分组。

    Distributed dynamic load balancing in network systems

    公开(公告)号:US10904150B1

    公开(公告)日:2021-01-26

    申请号:US15423389

    申请日:2017-02-02

    摘要: A source switching device in a switching system receives information measured by a target switching device in the switching system. The information is indicative of an amount of data received in a given amount of time by the target switching device via each of two or more first links coupled to the target switching device. The source switching device determines, based at least in part on the information received from the target device, a path, from among multiple paths from the source switching device to the target switching device, for transmission of a packet flow directed to the target switching device. The source switching device transmits, via the determined path for transmission of the packet flow to the target device, one or more packets belonging to the packet flow.

    Egress flow mirroring in a network device

    公开(公告)号:US10541947B2

    公开(公告)日:2020-01-21

    申请号:US15599199

    申请日:2017-05-18

    摘要: A packet is received at a network device. The packet is processed by the network device to determine at least one egress port via which to transmit the packet, and to perform egress classification of the packet based at least in part on information determined for the packet during processing of the packet. Egress classification includes determining whether the packet should not be transmitted by the network device. When it is not determined that the packet should not be transmitted by the network device, a copy of the packet is generated for mirroring of the packet to a destination other than the determined at least one egress port, and the packet is enqueued in an egress queue corresponding to the determined at least one egress port. The packet is subsequently transferred to the determined at least one egress port for transmission of the packet.

    Systems and methods for stateful packet processing

    公开(公告)号:US11916795B2

    公开(公告)日:2024-02-27

    申请号:US17318076

    申请日:2021-05-12

    摘要: Methods and systems are provided for processing a received packet based on associated state information. A packet processor of a network device receives a packet from a network. The received packet is classified as belonging to at least one respective identified flow from among a plurality of identified flows. For a respective received packet that belongs to an identified flow a current state value for the identified flow is ascertained based on a state table. The current state value is assigned to the respective received packet based on the current state value using the state table for the identified flow. A packet processing operation is subsequently performed on the respective received packet based in part on the state value of the identified flow to which the respective packet belongs.

    Method and apparatus for processing packets in a network device

    公开(公告)号:US10764410B2

    公开(公告)日:2020-09-01

    申请号:US16694504

    申请日:2019-11-25

    IPC分类号: H04L29/06 H04L12/937

    摘要: A packet received by a network device via a network. A first portion of the packet is stored in a packet memory, the first portion including at least a payload of the packet. The packet is processed based on information from a header of the packet. After the packet is processed, a second portion of the packet is stored in the packet memory, the second portion including at least a portion of the header of the packet. When the packet is to be transmitted the first portion of the packet and the second portion of the packet are retrieved from the packet memory, and the first portion and the second portion are combined to generate a transmit packet. The transmit packet is forwarded to a port of the network device for transmission of the transmit packet via port of the network device.

    Latency monitoring for network devices

    公开(公告)号:US10411983B2

    公开(公告)日:2019-09-10

    申请号:US15598105

    申请日:2017-05-17

    IPC分类号: H04L12/26 H04L29/06 H04L29/14

    摘要: A network device comprises time measurement units configured to measure receipt times and transmit times of packets received/transmitted via network interfaces. One or more memories store configuration information that indicates certain network interface pairs and/or certain packet flows that are enabled for latency measurement. A packet processor includes a latency monitoring trigger unit configured to select, using the configuration information, packets that are forwarded between the certain network interface pairs and/or that belong to the certain packet flows for latency monitoring. One or more latency measurement units determine respective latencies for packets selected by the latency monitoring trigger unit using respective receipt times and respective transmit times for the packets selected by the latency monitoring trigger unit, calculates latency statistics for the certain network interface pairs and/or the certain packet flows using the respective latencies, and stores the latency statistics in the one or more memories.

    Reducing size of policy databases using bidirectional rules

    公开(公告)号:US10205658B1

    公开(公告)日:2019-02-12

    申请号:US14990506

    申请日:2016-01-07

    IPC分类号: H04L12/741 H04L12/813

    摘要: Aspects of the disclosure provide a method for processing packets in a network device. The method can include populating a policy database with one or more bidirectional rules that are to be selectively applied in a packet processing operation. Ones of the bidirectional rules can include at least: a first address field populated with a first value corresponding to a source address for first packet flow that is traversing a network in a first direction and to a destination address for second packet flow that is traversing the network in a second direction different from the first direction, a second address field populated with a second value, and an action that is applicable to packet flow having a respective source address and destination address corresponding to the first values stored in the first address field and to the second values stored in the second address field.