System and computer program for compressing multi-field classification rules
    1.
    发明授权
    System and computer program for compressing multi-field classification rules 有权
    用于压缩多场分类规则的系统和计算机程序

    公开(公告)号:US07752155B2

    公开(公告)日:2010-07-06

    申请号:US12182118

    申请日:2008-07-29

    IPC分类号: G06F17/00 G06N5/02

    CPC分类号: G06N99/005

    摘要: The present invention relates to a system and computer-readable medium for storing a plurality of multi-field classification rules in a computer system. Each multi-field classification rule includes a rule specification that itself includes a plurality of fields and a plurality of field definitions corresponding to the fields. The method of the present invention includes providing a virtual rule table, where the table stores a plurality of field definitions, and for each of the plurality of multi-field classification rules, compressing the rule specification by replacing at least one field definition with an associated index into the virtual rule table. The method also includes storing each of the compressed rule specifications and the virtual rule table in a shared segment of memory.

    摘要翻译: 本发明涉及一种用于在计算机系统中存储多个多场分类规则的系统和计算机可读介质。 每个多字段分类规则包括本身包括多个字段的规则规范和对应于字段的多个字段定义。 本发明的方法包括提供虚拟规则表,其中表存储多个字段定义,并且对于多个多字段分类规则中的每一个,通过用相关联的替换来替换至少一个字段定义来压缩规则规范 索引到虚拟规则表。 该方法还包括将每个压缩规则规范和虚拟规则表存储在存储器的共享段中。

    Method for caching lookups based upon TCP traffic flow characteristics
    2.
    发明授权
    Method for caching lookups based upon TCP traffic flow characteristics 有权
    基于TCP流量特征缓存查找的方法

    公开(公告)号:US07464181B2

    公开(公告)日:2008-12-09

    申请号:US10662007

    申请日:2003-09-11

    CPC分类号: H04L45/00 H04L69/22

    摘要: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

    摘要翻译: 网络设备的分类系统包括缓存,其中响应于会话中的第一“频繁传单”分组而存储TCP / IP分组的预定义特性与相关动作之间的映射。 如果所选择的特征和预定义的特征匹配,则从该会话的后续接收到的分组中选出的特征与预定义的特征相关联,并且将存储的动作应用于所接收的分组,从而减少后续分组所需的处理。 选择用于缓存的数据包可能是数据包。 对于不匹配的特征,分类系统的全分组搜索用于确定应用于接收到的分组的动作。

    Method for managing multi-field classification rules relating to ingress
    3.
    发明授权
    Method for managing multi-field classification rules relating to ingress 失效
    管理与入口有关的多领域分类规则的方法

    公开(公告)号:US07412431B2

    公开(公告)日:2008-08-12

    申请号:US10832958

    申请日:2004-04-27

    IPC分类号: G06F17/00 G06N5/02

    CPC分类号: G06N99/005

    摘要: The present invention relates to a method for managing a plurality of multi-field classification rules. The method includes providing a first table that includes a plurality of entries corresponding to a plurality of rules relating to an ingress context and providing a second table that includes a plurality of entries corresponding to a plurality of rules relating to an egress context. The method also includes utilizing the first table and the second table to identify any rules relating to the ingress context and any rules relating to the egress context that match a search key.

    摘要翻译: 本发明涉及一种用于管理多个多场分类规则的方法。 该方法包括提供第一表格,该第一表格包括对应于与入口上下文有关的多个规则的多个条目,并提供第二表格,该第二表格包括对应于与出口上下文有关的多个规则的多个条目。 该方法还包括利用第一表和第二表来识别与入口上下文有关的任何规则以及与搜索关键字匹配的出口上下文相关的任何规则。

    Caching lookups based upon TCP traffic flow characteristics
    5.
    发明授权
    Caching lookups based upon TCP traffic flow characteristics 失效
    基于TCP流量特性的缓存查找

    公开(公告)号:US08005989B2

    公开(公告)日:2011-08-23

    申请号:US12188333

    申请日:2008-08-08

    IPC分类号: G06F15/173

    CPC分类号: H04L45/00 H04L69/22

    摘要: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

    摘要翻译: 网络设备的分类系统包括缓存,其中响应于会话中的第一“频繁传单”分组而存储TCP / IP分组的预定义特性与相关动作之间的映射。 如果所选择的特征和预定义的特征匹配,则从该会话的后续接收到的分组中选出的特征与预定义的特征相关联,并且将存储的动作应用于所接收的分组,从而减少后续分组所需的处理。 选择用于缓存的数据包可能是数据包。 对于不匹配的特征,分类系统的全分组搜索用于确定应用于接收到的分组的动作。

    Decision tree multi-field classification dynamic rules updating and rebuilding
    6.
    发明授权
    Decision tree multi-field classification dynamic rules updating and rebuilding 失效
    决策树多场分类动态规则更新和重建

    公开(公告)号:US07937355B2

    公开(公告)日:2011-05-03

    申请号:US12327115

    申请日:2008-12-03

    摘要: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

    摘要翻译: 本发明涉及一种用于将多个规则应用于网络计算机系统内的数据分组的方法和计算机系统设备。 通过添加或删除规则来更新过滤规则决策树。 如果删除过滤规则,则将决策树提供给具有过滤规则的增量删除的网络数据平面处理器。 如果添加过滤规则,则响应于将参数与阈值进行比较,提供过滤规则的增量插入到决策树或将第一决策树重新构建到第二决策树中。 在一个实施例中,参数和阈值涉及树筛选器规则链分支的深度值。 在另一个中,参数和阈值涉及自相关树的建立以来的规则添加的总计数。

    MULTI-FIELD CLASSIFICATION DYNAMIC RULES UPDATES
    7.
    发明申请
    MULTI-FIELD CLASSIFICATION DYNAMIC RULES UPDATES 失效
    多领域分类动态规则更新

    公开(公告)号:US20090083209A1

    公开(公告)日:2009-03-26

    申请号:US12327115

    申请日:2008-12-03

    IPC分类号: G06N5/02

    摘要: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

    摘要翻译: 本发明涉及一种用于将多个规则应用于网络计算机系统内的数据分组的方法和计算机系统设备。 通过添加或删除规则来更新过滤规则决策树。 如果删除过滤规则,则将决策树提供给具有过滤规则的增量删除的网络数据平面处理器。 如果添加过滤规则,则响应于将参数与阈值进行比较,提供过滤规则的增量插入到决策树或将第一决策树重新构建到第二决策树中。 在一个实施例中,参数和阈值涉及树筛选器规则链分支的深度值。 在另一个中,参数和阈值涉及自相关树的建立以来的规则添加的总计数。

    Multi-field classification dynamic rule updates
    8.
    发明授权
    Multi-field classification dynamic rule updates 失效
    多字段分类动态规则更新

    公开(公告)号:US07478426B2

    公开(公告)日:2009-01-13

    申请号:US10894628

    申请日:2004-07-20

    IPC分类号: G06F15/16 G06F9/00

    摘要: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

    摘要翻译: 本发明涉及一种用于将多个规则应用于网络计算机系统内的数据分组的方法和计算机系统设备。 通过添加或删除规则来更新过滤规则决策树。 如果删除过滤规则,则将决策树提供给具有过滤规则的增量删除的网络数据平面处理器。 如果添加过滤规则,则响应于将参数与阈值进行比较,提供过滤规则的增量插入到决策树或将第一决策树重新构建到第二决策树中。 在一个实施例中,参数和阈值涉及树筛选器规则链分支的深度值。 在另一个中,参数和阈值涉及自相关树的建立以来的规则添加的总计数。

    APPARATUS AND METHOD FOR CACHING LOOKUPS BASED UPON TCP TRAFFIC FLOW CHARACTERISTICS
    9.
    发明申请
    APPARATUS AND METHOD FOR CACHING LOOKUPS BASED UPON TCP TRAFFIC FLOW CHARACTERISTICS 失效
    基于TCP流量特性的查询语言的设备和方法

    公开(公告)号:US20080298244A1

    公开(公告)日:2008-12-04

    申请号:US12188333

    申请日:2008-08-08

    IPC分类号: H04L12/56

    CPC分类号: H04L45/00 H04L69/22

    摘要: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

    摘要翻译: 网络设备的分类系统包括缓存,其中响应于会话中的第一“频繁传单”分组而存储TCP / IP分组的预定义特性与相关动作之间的映射。 如果所选择的特征和预定义的特征匹配,则从该会话的后续接收到的分组中选出的特征与预定义的特征相关联,并且将存储的动作应用于所接收的分组,从而减少后续分组所需的处理。 选择用于缓存的数据包可能是数据包。 对于不匹配的特征,分类系统的全分组搜索用于确定应用于接收到的分组的动作。