Forwarding plane configuration for separation of services and forwarding in an integrated services router
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC, 7th edition)
H04L-012/26
H04L-012/56
Application number
US-0235677
(2008-09-23)
Registration number
US-8300532
(2012-10-30)
Inventor / Address
Venkatramani, Anjan
Varadhan, Kannan
Frailong, Jean-Marc
Gupta, Sanjay
Sun, Linda
Ramamoorthi, Sankar
Sindhu, Pradeep
Athreya, Anand S.
Chao, Chih-Wei
Ge, Shuhua
Applicant / Address
Juniper Networks, Inc.
Agent / Address
Harrity & Harrity, LLP
Citation information
Times cited: 56
Patents cited: 0
Abstract
A method may include receiving a packet at an ingress line interface in a forwarding plane of a network element, the packet including header information. The method may also include conducting a flow table lookup in the forwarding plane to identify an existing flow for the packet and determining, in the forwarding plane and based on the header information, whether a predicted flow can be identified for the packet if an existing flow can not be identified. The method may further include performing a service access control list (ACL) lookup in the forwarding plane if a predicted flow can not be identified; and forwarding the packet to one of a services plane or an egress line interface in the forwarding plane based on one of the existing flow, the predicted flow, or the service ACL lookup.
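The lookup order in the abstract (existing flow, then predicted flow, then service ACL) can be sketched as follows; this is an added example, not code from the patent. The table contents, the modelling of a predicted flow as a match that ignores the source port, and the first-match ACL on destination prefix and port are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

# Constructed sample state; none of these entries come from the patent.
# Existing flows: exact 5-tuple -> does the flow need service processing?
FLOW_TABLE = {
    Packet("10.0.0.5", 40000, "192.0.2.10", 443, "tcp"): True,
    Packet("10.0.0.6", 40001, "192.0.2.20", 53, "udp"): False,
}
# Assumption: a predicted flow is a partial match with the source port
# still unknown (for example a data channel expected after a control session).
PREDICTED_FLOWS = {("10.0.0.5", "192.0.2.10", 2021, "tcp"): True}
# Assumption: first-match service ACL on destination prefix and port;
# a port of None matches any port.
SERVICE_ACL = [
    (ipaddress.ip_network("192.0.2.0/24"), 25, True),
    (ipaddress.ip_network("0.0.0.0/0"), None, False),
]

def service_acl_lookup(pkt: Packet) -> bool:
    """Last stage: first matching rule decides; no match means no service."""
    dst = ipaddress.ip_address(pkt.dst)
    for net, port, needs_service in SERVICE_ACL:
        if dst in net and port in (None, pkt.dport):
            return needs_service
    return False

def classify(pkt: Packet):
    """Return (stage that decided, next hop) for one packet."""
    predicted_key = (pkt.src, pkt.dst, pkt.dport, pkt.proto)
    if pkt in FLOW_TABLE:
        stage, needs_service = "existing-flow", FLOW_TABLE[pkt]
    elif predicted_key in PREDICTED_FLOWS:
        stage, needs_service = "predicted-flow", PREDICTED_FLOWS[predicted_key]
    else:
        stage, needs_service = "service-acl", service_acl_lookup(pkt)
    hop = "services-plane" if needs_service else "egress-line-interface"
    return stage, hop

if __name__ == "__main__":
    for p in (Packet("10.0.0.5", 51515, "192.0.2.10", 2021, "tcp"),
              Packet("10.0.0.9", 1234, "198.51.100.1", 80, "tcp")):
        print(p, "->", classify(p))
```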
Representative claims
1. A method comprising: receiving a packet at an egress line interface of a forwarding plane of a network element; determining that a service has not been performed on the packet in a services plane of the network element; determining whether an existing flow can be identified for the packet by conducting a flow table lookup at the egress line interface; determining, when the existing flow cannot be identified for the packet, whether a predicted flow can be identified for the packet at the egress line interface; performing, when the predicted flow cannot be identified for the packet, a service access control list (ACL) lookup at the egress line interface; and forwarding, after determining that the service has not been performed on the packet, the packet to the services plane based on the existing flow, the predicted flow, or the service ACL lookup.
2. The method of claim 1, where forwarding the packet to the services plane comprises: identifying a particular service engine, of a plurality of service engines, by forwarding the packet to a service engine distributor; and forwarding the packet from the service engine distributor to the particular service engine.
3. The method of claim 1, where forwarding the packet to the services plane comprises: determining that the existing flow, the predicted flow, or the service ACL lookup indicates a need for service processing; and forwarding the packet to the services plane after determining that the existing flow, the predicted flow, or the service ACL lookup indicates the need for service processing.
4. The method of claim 1, where forwarding the packet to the services plane comprises: identifying a particular service engine of a plurality of service engines; and forwarding the packet to the particular service engine.
5. The method of claim 1, further comprising: determining, at an ingress line interface of the forwarding plane, that service processing is not needed for the packet; and forwarding the packet from the ingress line interface to the egress line interface after determining, at the ingress line interface, that the service processing is not needed for the packet.
6. The method of claim 1, further comprising: receiving the packet at an ingress line interface of the forwarding plane; determining whether the existing flow can be identified for the packet, at the ingress line interface, by conducting an initial flow table lookup at the ingress line interface; determining, when the existing flow cannot be identified at the ingress line interface, whether the predicted flow can be identified for the packet at the ingress line interface; and performing, when the predicted flow cannot be identified at the ingress line interface, an initial service ACL lookup; and forwarding the packet to one of the services plane or the egress line interface based on the existing flow, the predicted flow, or the initial service ACL lookup.
7. The method of claim 6, where performing the initial service ACL lookup comprises: determining that a lookup of ingress services policies does not identify a need for service processing; and applying a zone-based access control list (ACL) to the packet after determining that the lookup of ingress services policies does not identify the need for service processing.
8. The method of claim 1, further comprising: conducting a lookup for route-based services in the forwarding plane, and forwarding the packet based on the lookup for route-based services.
9. A network device comprising: a line interface, the line interface being in a forwarding plane and including: a processor to: receive a packet at the line interface, determine whether an existing flow can be identified for the packet by conducting a flow table lookup for the packet, determine whether a predicted flow can be identified for the packet when the existing flow cannot be identified for the packet, conduct an access control list (ACL) lookup when the predicted flow cannot be identified for the packet, determine whether the flow table lookup, the predicted flow, or the ACL lookup indicates a need for service processing for the packet, and forward the packet to an egress line interface of the forwarding plane when the flow table lookup, the predicted flow, or the ACL lookup does not indicate the need for service processing for the packet, the egress line interface determining whether the predicted flow or another predicted flow can be determined for the packet.
10. The network device of claim 9, where the network device comprises: a router, a switch, a firewall device, or a server device.
11. The network device of claim 9, further comprising: a service engine distributor to: receive the packet, identify a particular service engine based on the flow table lookup, the predicted flow, or the ACL lookup, and forward the packet to the particular service engine.
12. The network device of claim 9, where the egress line interface further comprises: an existing flow table that stores information for existing packet flows, the existing packet flows including the existing flow when the existing flow can be identified for the packet.
13. The network device of claim 9, where the processor is further to: forward the packet to a services plane when the flow table lookup, the predicted flow, or the ACL lookup indicates the need for service processing; and provide information regarding the forwarding of the packet to the services plane.
14. The network device of claim 9, where the processor is included in an application-specific integrated circuit (ASIC).
15. A network element comprising: one or more processors to: receive a packet at an egress line interface of a forwarding plane; determine that a service has not been performed on the packet in a services plane; determine whether an existing flow can be identified for the packet; determine whether a predicted flow can be determined for the packet when the existing flow cannot be identified for the packet; conduct an egress services policy lookup for the packet when the predicted flow cannot be determined for the packet; and forward, after determining that the service has not been performed on the packet, the packet to a services plane based on the existing flow, the predicted flow, or the egress services policy lookup.
16. A method comprising: receiving, by a network device, a packet at an egress line interface in the forwarding plane of the network device; determining, by the network device, that a service has not been performed on the packet in a services plane of the network device; determining, by the network device, whether an existing flow can be identified for the packet by conducting a flow table lookup; determining, by the network device and when the existing flow cannot be identified for the packet, whether a predicted flow can be determined for the packet; conducting, by the network device, an egress services policy lookup when the predicted flow cannot be determined for the packet; and forwarding, by the network device and after determining that the service has not been performed on the packet, the packet to a service engine distributor based on the flow table lookup, the predicted flow, or the egress services policy lookup.
17. The method of claim 16, where the service engine distributor is located in the services plane of the network device.
18. The method of claim 17, further comprising: confirming that the packet is being sent over an interface described in a header of the packet.
19. A network device comprising: a services plane; and a forwarding plane comprising: an egress line interface to: receive a packet from an ingress line interface, determine that a service has not been performed on the packet in the services plane, determine whether an existing flow can be identified for the packet by conducting a flow table lookup, determine whether a predicted flow can be identified for the packet when the existing flow cannot be identified, perform a service access control list (ACL) lookup when the predicted flow cannot be identified, and forward, after determining that the service has not been performed, the packet to the services plane based on the existing flow, the predicted flow, or the service ACL lookup.
20. The network device of claim 19, where the services plane comprises: a plurality of service engines to perform services; and a service engine distributor to: receive the packet, identify a particular service engine of the plurality of service engines, and forward the packet to the particular service engine.
Patents citing this patent (56)
Gredler, Hannes; Medved, Jan; Ward, David, Advertising traffic engineering information with the border gateway protocol for traffic engineered path computation.
Hyde, Roderick A.; Levien, Royce A.; Lord, Richard T.; Lord, Robert W.; Malamud, Mark A.; Tegreene, Clarence T., Protocols for allocating communication services cost in wireless communications.
Hyde, Roderick A.; Levien, Royce A.; Lord, Richard T.; Lord, Robert W.; Malamud, Mark A.; Reudink, Douglas O.; Tegreene, Clarence T., Protocols for facilitating broader access in wireless communications by conditionally authorizing a charge to an account of a third party.
Hyde, Roderick A.; Levien, Royce A.; Lord, Richard T.; Lord, Robert W.; Malamud, Mark A.; Tegreene, Clarence T., Protocols for facilitating third party authorization for a rooted communication device in wireless communications.
Varadhan, Kannan; Frailong, Jean-Marc; Venkatramani, Anjan, Scalable security services for multicast in a router having integrated zone-based firewall.
Hyde, Roderick A.; Levien, Royce A.; Lord, Richard T.; Lord, Robert W.; Malamud, Mark A.; Tegreene, Clarence T., Systems and methods for communication management.