摘要:
The present invention relates to a system and computer-readable medium for storing a plurality of multi-field classification rules in a computer system. Each multi-field classification rule includes a rule specification that itself includes a plurality of fields and a plurality of field definitions corresponding to the fields. The method of the present invention includes providing a virtual rule table, where the table stores a plurality of field definitions, and for each of the plurality of multi-field classification rules, compressing the rule specification by replacing at least one field definition with an associated index into the virtual rule table. The method also includes storing each of the compressed rule specifications and the virtual rule table in a shared segment of memory.
摘要:
The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.
摘要:
The present invention relates to a system for managing a plurality of multi-field classification rules. The system provides a first table that includes a plurality of entries corresponding to a plurality of rules relating to an ingress context and a second table that includes a plurality of entries corresponding to a plurality of rules relating to an egress context. The system also includes a network processor for classifying packets of information, wherein the network processor is programmed to utilize the first table and the second table to identify any rules relating to the ingress context and any one rules relating to the egress context that match a search key.
摘要:
The present invention relates to a method for managing a plurality of multi-field classification rules. The method includes providing a first table that includes a plurality of entries corresponding to a plurality of rules relating to an ingress context and providing a second table that includes a plurality of entries corresponding to a plurality of rules relating to an egress context. The method also includes utilizing the first table and the second table to identify any rules relating to the ingress context and any rules relating to the egress context that match a search key.
摘要:
Method for compressing search tree structures used in rule classification is provided. The method includes classifying packets based on filter rules, compressing a tree structure comprising multiple levels of single bit test nodes and leaf nodes, storing the compressed tree structure in a first memory structure of a storage such that the multiple levels of single bit test nodes and leaf nodes can be accessed from the first memory structure through a single memory access of the storage, collecting single bit test nodes of the tree structure that are in a lowest level of the tree structure, storing only the collected single bit test nodes within a second memory structure of the storage that is contiguous to the first memory structure, collecting leaf nodes of the tree structure, and storing only the collected leaf nodes within a third memory structure of the storage that is contiguous to second memory structure.
摘要:
The present invention relates to a system for storing a plurality of multi-field classification rules in a computer system. Each multi-field classification rule includes a rule specification that itself includes a plurality of fields and a plurality of field definitions corresponding to the fields.
摘要:
The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.
摘要:
The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.
摘要:
The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.
摘要:
The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.