[US Patent]
Network processing unit (NPU) integrated layer 2 network device for layer 3 offloading
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC, 7th edition)
H04L-012/803
H04L-029/06
H04L-012/851
Application number
US-0221987
(2016-07-28)
Registration number
US-10148576
(2018-12-04)
Inventor / Address
Yin, Jun
Applicant / Address
Fortinet, Inc.
Agent / Address
Hamilton, DeSanctis & Cha LLP
Citation information
Times cited: 0
Cited patents: 17
Abstract
Systems and methods for facilitating offloading of communication sessions from layer 3 network devices are provided. According to one embodiment, session information pertaining to a session capable of being offloaded is received from a layer 3 network device by a layer 2 network device that includes multiple network processing units (NPUs). The session is assigned to one of the NPUs. Subsequently, responsive to receiving, by the layer 2 network device, a packet associated with the session, the packet is processed by the assigned NPU and forwarded on behalf of the layer 3 network device to a destination specified by the processed packet.
Representative claims
1. A layer 2 network device comprising: a plurality of network processing units (NPUs); a non-transitory storage device having embodied therein one or more routines operable to facilitate forwarding of network traffic offloaded by a layer 3 network device coupled to the layer 2 network device; and a central processing unit (CPU) coupled to the non-transitory storage device and operable to execute the one or more routines, wherein the one or more routines include: a session information processing module, which when executed by the CPU, receives session information associated with a session offloaded by the layer 3 network device, assigns the session information to one of the plurality of NPUs and maintains information regarding sessions assigned to each of the plurality of NPUs; a packet processing module, which when executed by the CPU, receives a packet, identifies the packet as being associated with the session, determines the associated NPU of the plurality of NPUs by which the packet should be processed based on the session and causes the associated NPU to process the packet, including one or more of header parsing, pattern matching, bit-field manipulation, table look-ups, packet modification and data movement; and a packet forwarding module, which when executed by the CPU, forwards the processed packet to a destination specified by the processed packet on behalf of the layer 3 network device.
2. The layer 2 network device of claim 1, wherein the layer 2 network device comprises a switch.
3. The layer 2 network device of claim 1, wherein the layer 3 network device comprises any or a combination of a physical firewall, a virtual firewall, a physical router, a virtual router, a physical gateway device, a virtual gateway device, a physical network controller and a virtual network controller.
4. The layer 2 network device of claim 1, wherein the session information processing module is configured to create, delete, update or maintain a session table.
5. A method comprising: receiving, by a layer 2 network device including a plurality of network processing units (NPUs), from a layer 3 network device, session information pertaining to a session capable of being offloaded; assigning, by the layer 2 network device, the session to a first NPU of the plurality of NPUs; responsive to receiving, by the layer 2 network device, a packet associated with the session: causing the packet to be processed by the first NPU; and forwarding the processed packet on behalf of the layer 3 network device to a destination specified by the processed packet.
6. The method of claim 5, wherein the layer 2 network device comprises a switch.
7. The method of claim 5, wherein the layer 3 network device comprises any or a combination of a physical firewall, a virtual firewall, a physical router, a virtual router, a physical gateway device, a virtual gateway device, a physical network controller, and a virtual network controller.
8. A method comprising: offloading, by a layer 2 network device including a plurality of network processing units (NPUs), a plurality of sessions from a layer 3 network device by: receiving, by the layer 2 network device, session information pertaining to each of the plurality of sessions from the layer 3 network device; assigning, by the layer 2 network device, each of the plurality of sessions to respective NPUs of the plurality of NPUs; responsive to receiving, by the layer 2 network device, a packet: determining whether the packet is associated with a session of the plurality of sessions by comparing the packet against the session information; when said determining is negative, forwarding the packet to the layer 3 network device for processing; and when said determining is affirmative: processing the packet by an NPU of the plurality of NPUs to which the session has been assigned; and forwarding the processed packet on behalf of the layer 3 network device to a destination specified by the processed packet.
9. The method of claim 8, wherein said receiving, by the layer 2 network device, session information pertaining to each of the plurality of sessions from the layer 3 network device comprises receiving, by a session maintenance daemon running on the layer 2 network device, the session information.
10. The method of claim 8, wherein said assigning, by the layer 2 network device, each of the plurality of sessions to respective NPUs of the plurality of NPUs includes maintaining a mapping between each of the plurality of sessions and the respective NPUs via a session table.
11. The method of claim 8, wherein said assigning, by the layer 2 network device, each of the plurality of sessions to respective NPUs of the plurality of NPUs includes performing load balancing among the plurality of NPUs.
12. The method of claim 8, wherein the session information comprises for each session of the plurality of sessions information regarding one or more of the protocol associated with the session, a source Internet Protocol (IP) address, a destination IP address, a source Media Access Control (MAC) address, a destination MAC address, a source port, a destination port, connection state information, a unique session identifier, an action to be taken on packets associated with the session and a session expiration time.
13. The method of claim 8, wherein said processing the packet by an NPU of the plurality of NPUs to which the session has been assigned includes performing one or more of header parsing, pattern matching, bit-field manipulation, table look-ups, packet modification and data movement.
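The dispatch logic of claims 8 and 10 to 12, as an added Python example that is not part of the patent or of any vendor implementation: a session table keyed by flow fields maps each offloaded session to an NPU, and any packet without a live entry is returned to the layer 3 device. The class and field names, the least-loaded assignment policy, and the rule that an expired entry falls back to the layer 3 device are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowKey:            # subset of the claim 12 session fields (hypothetical names)
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Session:
    session_id: int       # unique session identifier
    action: str           # action to take on matching packets
    expires_at: float     # session expiration time
    npu: int              # NPU the session is assigned to

class OffloadTable:
    """Session table on the layer 2 device: flow -> assigned NPU."""
    def __init__(self, npu_count):
        self.sessions = {}
        self.load = [0] * npu_count   # sessions currently held per NPU

    def install(self, key, session_id, action, ttl, now):
        """Record session info pushed by the layer 3 device; return the NPU."""
        self.remove(key)                         # an update replaces the old entry
        npu = self.load.index(min(self.load))    # assumed policy: least-loaded NPU
        self.sessions[key] = Session(session_id, action, now + ttl, npu)
        self.load[npu] += 1
        return npu

    def remove(self, key):
        old = self.sessions.pop(key, None)
        if old is not None:
            self.load[old.npu] -= 1

    def dispatch(self, key, now):
        """Return ("npu", n) for a live offloaded session, else ("to_l3", None)."""
        sess = self.sessions.get(key)
        if sess is None:
            return ("to_l3", None)     # no match: layer 3 device processes it
        if now >= sess.expires_at:
            # Assumption: an expired entry is dropped so the packet is
            # re-evaluated by the layer 3 device instead of the fast path.
            self.remove(key)
            return ("to_l3", None)
        return ("npu", sess.npu)
```

Packets that return `("npu", n)` are forwarded without the layer 3 device seeing them, so the entry's lifetime decides how long a flow stays outside that device's per-packet handling.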
Patents cited by this patent (17)
Yoon, Seung Yong; Oh, Jin Tae; Jang, Jong Soo, Apparatus and method for managing session state.
McDaniel, Scott; Fan, Kan Frankie; El Zur, Uri, Method and system for transmit scheduling for multi-layer network interface controller (NIC) operation.
Ku Edward H. ; Ervin James Philip ; Henderson Douglas Ray ; Matlack ; Jr. Richard Colbert ; Wingler Jean Huey, Method and system of parsing frame headers for routing data frames within a computer network.
Livne, Shlomo; Heiman, Amnon; Kadosh, Nadav, System and method to support smart offloading of an online charging system using a service capability interaction manager.
Kaler, Christopher G.; Langworthy, David E.; Shewchuk, John P., Using expressive session information to represent communication sessions in a distributed system.