USRE42135E1 - Multi-protocol data classification using on-chip cam - Google Patents
- Publication number
- USRE42135E1 (application US11/429,636)
- Authority
- US
- United States
- Prior art keywords
- key
- data
- entries
- tags
- cam
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime, expires
Classifications
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C15/00—Digital stores in which information comprising one or more characteristic parts is written into the store and in which information is read-out by searching for one or more of these characteristic parts, i.e. associative or content-addressed stores
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90339—Query processing by using parallel associative memories or content-addressable memories
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99933—Query processing, i.e. searching
- Y10S707/99936—Pattern matching access
Definitions
- the present invention relates to the field of networking. More specifically, the present invention relates to multi-protocol data classification using on-chip content addressable memory (CAM).
- firewalls are often utilized to effectively hide devices sharing a network with the firewall from potentially untrustworthy external sources.
- In order to differentiate between data communicated from the various trustworthy “internal” sources and the untrustworthy “external” sources, the firewall often inspects the source address of the data packet to determine the identity of the data packet source. The firewall then typically blocks passage of the data into the network from sources deemed untrustworthy, and passes data from sources deemed trustworthy.
- FIG. 1 illustrates an overview of the present invention in accordance with one embodiment
- FIGS. 2A and 2B illustrate the concept of group memberships in accordance with one embodiment of the invention
- FIGS. 3A and 3B illustrate exemplary Ethernet frame structures suitable for use with the present invention
- FIG. 4 is a state diagram illustrating operation of one embodiment of extraction logic for use in association with the present invention.
- FIG. 5 illustrates one embodiment of the classifier of the present invention
- FIG. 6 illustrates one embodiment of filter logic suitable for use in association with the present invention.
- FIG. 7 is a block diagram illustrating one embodiment of an integrated circuit incorporating the teachings of the present invention.
- classifier 102 includes extraction logic 103 and on-chip content addressable memory (CAM) logic 108 coupled together via communication link 104 .
- Extraction logic 103 is equipped to extract one or more data keys, such as data key 106 , from a data input stream ( 101 ) and compare the extracted data key(s) against data stored within CAM logic 108 , such as key entries 112 and associated key tags 113 .
- each content addressable memory and each of key entries 112 of CAM logic 108 is associated with a class of data, whereas each of key tags 113 represents a subclass of data.
- If data key 106 is determined to be equivalent to any of key entries 112, for example, then data key 106 would be classified as belonging to the class(es) of data represented by the matching one(s) of key entries 112 and the subclass(es) of data represented by the corresponding one(s) of key tags 113 .
- the key tag(s) associated with the one or more key entries that are found to be equivalent to data key 106 are output from CAM logic 108 to form at least part of categorization vector 110 .
- Categorization vector 110 may then be used in association with packet filtering logic such as that described with respect to FIG. 6 to filter data packets of unclassified data stream 101 based upon the extracted data keys.
- FIGS. 2A and 2B each illustrate the concept of group memberships in accordance with one embodiment of the invention.
- three overlapping membership groups (I, II, and III) are shown forming seven labeled membership regions ( 202 , 204 , 205 , 206 , 208 , 210 , and 212 ).
- Region 205 represents the region formed by the intersection of membership Group I, membership Group II, and membership Group III.
- region 204 is formed by the intersection between membership Group I and membership Group III minus region 205
- region 206 is formed by the intersection between membership Group I and membership Group II minus region 205
- region 210 is formed by the intersection between membership Group II and membership Group III minus region 205 .
- membership Groups I, II, and III may represent any number of distinct categories or classes of data types that share common characteristics.
- membership Group I may represent a group of data packets containing source addresses that share one or more common characteristics (e.g., geographic location)
- membership Group II may represent a group of destination addresses sharing common characteristics
- membership Group III may represent a group of Virtual Local Area Network (VLAN) tags similarly sharing common characteristics.
- each of the various membership groups of FIG. 2A represents a unique data class and each of the regions depicted in FIG. 2A represents a data subclass.
- membership Group I may represent data packets originating from a particular source address or subnet
- membership Group II may represent data packets addressed to a particular destination address or subnet.
- region 206 might then represent those data packets including a source address having the characteristics of membership Group I, while also including a destination address having the characteristics of membership Group II.
- the only data packets that include characteristics of both membership Group I and membership Group II that would not be represented by region 206 would be those data packets represented by region 205 (e.g., those data packets including the particular source and destination addresses that are members of the VLAN represented by Group III).
- data memberships such as those shown in FIG. 2A may be reflected by key entries stored within CAM logic 108 of FIG. 1 (to be more fully described below).
- data packets included within Group I represent source addresses that are stored within a first CAM
- data packets included within Group II represent destination addresses that are stored within a second CAM.
- data packets included within Group III represent VLAN tags that are stored within a third CAM.
- data packets represented by region 206 may thus be stored within either one or both of the first and/or second CAMs.
- the data packets are stored as 64-bit representations within one or more CAMs.
- the key entries within each CAM are further divided into subgroups representing subclasses of the data class represented by the associated CAM. In one embodiment of the invention, these subclasses of data are represented by binary key tag strings.
- FIG. 2B also illustrates various group memberships in accordance with one embodiment of the invention.
- FIG. 2B includes a first membership group 215 representing a first class of data, and a second membership group 220 representing a second class of data.
- group 215 represents a class of data corresponding to income levels of individuals
- group 220 represents a class of data corresponding to occupations of individuals.
- a certain portion of those occupations included within group 220 are not included within the income levels of group 215 . That is, it can be assumed that those occupations not included within group 215 can be said to represent a portion of individuals who are employed but do not get paid a salary, such as volunteers, for example.
- Group 215 is further subdivided into subclasses of data represented by regions 216 - 218
- group 220 is further subdivided into subclasses of data represented by regions 221 - 223
- region 218 might represent a first income range of $0 to $40,000
- region 217 might represent a second income range of $40,001 to $100,000
- region 216 might represent a third income range of $100,001 and greater
- region 223 might represent a first occupation
- region 222 might represent a second occupation
- region 221 might represent a third occupation.
- each subclass of data i.e., represented by the respective regions 216 - 218 and 220 - 223 of groups 215 and 220 of FIG.
- FIGS. 2A and 2B are only two simple examples intended for illustrative purposes and should not be viewed as limiting the invention.
- the various data class and subclass relationships depicted in FIGS. 2A and 2B for example are stored within one or more CAMs of the present invention.
- Extraction logic 103 compares an extracted data key from input data stream 101 (e.g., data key 106 ), with key entries stored within CAM logic 108 to determine if the data key and key entries are equivalent.
- a data key represents only a portion of a data packet, whereas in other embodiments, the data key may represent the data packet in its entirety.
- a data key could be all or just a portion of a source address, a destination address, a VLAN tag, an Internet Protocol (IP) address and so forth.
- CAM logic 108 includes at least one nybble wide data mask to facilitate partial equivalence matching between the one or more data keys and the key entries.
- the data key is identified as belonging to the class of data represented by each CAM containing an equivalent key entry.
- the data key is further classified as belonging to one of one or more data subclasses associated with each data class.
- FIGS. 3A and 3B illustrate exemplary Ethernet frame structures suitable for use with the present invention.
- frame 300 is shown including a preamble field, a start delimiter field, destination MAC address field 304 , source MAC address field 306 , length/type field 310 , data field 312 , pad field 314 and CRC field 316 .
- the preamble and start delimiter fields are used for synchronization between sending and receiving devices.
- Destination MAC address field 304 identifies the device or devices that are to receive the frame
- source MAC address field 306 identifies the device that originated the frame.
- Although destination MAC address field 304 and source MAC address field 306 are each shown as being 6 bytes in length, other variations may also be utilized.
- IEEE 802.3 standard provides for source and destination addresses that are 2 bytes in length.
- If the value of length/type field 310 is less than or equal to 1500, then length/type field 310 indicates the number of bytes in subsequent data field 312 .
- length/type field 310 indicates the nature of the MAC client protocol.
- Data field 312 contains the data transferred from the source device to the destination device or devices. In one embodiment, the size of data field 312 varies between 64 and 1500 bytes. If the size of the data is less than 64 bytes, pad field 314 is utilized to provide extra data to bring the frame length up to its minimum size. Frame 300 and its constituent fields are well known in the art and will not be further described except in relation to the present invention.
- frame 302 is shown in substantially similar form as frame 300 .
- tag type field 308 and tag control information field 309 are further provided in frame 302 to form a VLAN tag.
- Tag type field 308 and tag control information field 309 are associated with VLAN tagging on Ethernet networks as described in the IEEE 802.3ac standard.
- the VLAN protocol itself (as provided by the IEEE 802.1Q standard) permits insertion of an identifier or “tag” into an Ethernet frame to identify the VLAN to which the frame belongs. According to the protocol, if the VLAN tag (i.e.
- tag type field 308 is set to a fixed value of 0x8100, which indicates the presence of the VLAN tag.
- classifier 102 may determine whether data key 106 is equivalent to a whole or part of a VLAN tag stored within one or more CAMs within CAM logic 108 .
- extraction logic 103 may be configured to extract all or part of a VLAN tag from an input data stream for use as data key 106 to be compared against the contents of CAM logic 108 .
- a fixed value may selectively be provided as part of data key 106 in place of the non-present VLAN tag.
- classifier 102 utilizes multiple CAMs configured in a parallel arrangement to facilitate simultaneous classification of numerous data keys. In one embodiment of the invention, eight CAMs are cooperatively utilized in association with eight extracted data keys.
- extraction logic 103 utilizes a number of pointers and registers to track and store packet-related information such as multiple offset values, start of packet (SOP) and end of packet (EOP) indicators, and VLAN tag information for use in association with one or more data packets or frames.
- extraction logic 103 includes a programmable byte offset for determining which packet data to extract. In one embodiment, the programmable byte offset provides for offsets from the SOP indicator ranging from 0 to 16 bytes. In one embodiment, 64-contiguous bits are extracted from the indicated offset point, however any number of bits may be extracted depending upon the implementation and hardware configuration of classifier 102 .
- FIG. 4 is a state diagram illustrating operation of one embodiment of extraction logic suitable for use in association with the extraction of one or more data keys of the present invention. Referring to FIG. 4 , state machine 400 is shown having four states (0-3). In the illustrated embodiment, state machine 400 gathers the first four valid words of a newly received packet (as judged e.g. from the SOP) in a register.
- a default CAM value e.g., “00”
- extraction logic 103 is equipped to extract one or more data keys from a data stream based upon a dynamically programmable offset, and compare such data keys with key entries stored within one or more CAMs.
- each key entry stored within the one or more CAMs is associated with a corresponding key tag such that when any of the extracted data keys is determined to be equivalent to a key entry in a CAM, the associated key tag corresponding to the key entry is output. If the data key is not equivalent to any key entry in any CAM, a value indicating such (e.g., binary “0”) is output.
- the key-tags that are output as a result of the comparison are concatenated together to form a categorization vector.
- FIG. 5 illustrates a hardware design of classifier 102 in accordance with one embodiment of the invention.
- CAMs 314 and 324 are shown including key entries 1 - 5 (i.e. key 1 through key 5 ) in association with corresponding key tags 315 and 325 , respectively.
- each of CAMs 314 and 324 represents a 64×256 Content Addressable Memory to provide 256 64-bit key entries per CAM.
- each of CAMs 314 and 324 is coupled to a 2-bit wide SRAM to store key tags 315 and 325 , however other customized CAM implementations may similarly be utilized.
- CAMs 314 and 324 are each coupled to various components including a MUX ( 304 , 306 ) and a nybble mask ( 310 , 320 ). More specifically, MUX 304 is coupled to an input signal line 302 and multiple output signal lines 311 and 312 . Likewise, MUX 306 is coupled to input signal line 302 and multiple output signal lines 321 and 322 . Nybble mask 310 is coupled between MUX 304 and CAM 314 , and nybble mask 320 is coupled between MUX 306 and CAM 324 .
- nybble masks 310 and 320 may be independently programmed to store data to “mask off” at least part of the corresponding data key for comparison against key entries 1 - 5 stored within CAMs 314 and 324 .
- MUXs 304 and 306 may be configured to select or bypass nybble masks 310 and 320 respectively, as deemed appropriate. For example, by selecting signal line 312 , MUX 304 may bypass nybble mask 310 , and by selecting signal line 322 , MUX 306 may bypass nybble mask 320 .
- MUXs 304 and 306 may operate in association with an n-bit configuration register coupled to the SEL lines of the respective MUXs to function as extraction logic 103 . In one embodiment, this can be accomplished by coupling signal line 302 to the above-mentioned gathering register and enabling only select subsets (or the entire set) of bits from the gathering register to pass through MUXs 304 and 306 .
- the corresponding key tag ( 315 , 325 ) associated with the matched key entry is output to form at least part of categorization vectors 316 and 326 .
- By programming CAMs 314 and 324 (i.e. through a simple software interface), it is possible to define packet filtering rules that will influence which data packets are passed from one network segment to another, which packets are diverted to a host processor or other device for further processing, which packets are dropped from the network based upon group membership principles, and so forth.
- a network administrator might configure a switching device to allow data originating from a first set of devices from within the organization (i.e. members of a first group) to pass, while blocking other data that originates from one or more devices external to the organization (i.e., members of a second group).
- one or more data keys are programmably extracted from each received data packet and compared to one or more key entries in one or more CAMs to create a categorization vector.
- a determination may be made as to the final disposition of each data packet based at least in part upon the previously programmed packet filtering rules.
- FIG. 6 illustrates one embodiment of filter logic suitable for use in association with the present invention.
- Filter logic 604 includes a variable number (N) of packet filters coupled together in a cascaded fashion, and one default filter coupled to the N cascaded packet filters.
- Each of the packet filters shown in FIG. 6 includes function logic 605 , polarity logic 610 , and action logic 615 .
- Function logic 605 includes value logic 607 and mask logic 609 to perform comparisons between the categorization vector and one or more data strings stored in value logic 607 and mask logic 609 .
- Action logic 615 specifies an action to be taken with respect to the data packet.
- action logic 615 may specify whether the data packet should be dropped, passed, or diverted based upon the outcome of one or more logical operations (i.e., comparisons) performed between the categorization vector and data strings specified by value logic 607 and mask logic 609 , for example.
- Polarity logic 610 includes logic to indicate whether the action specified by action logic 615 should be taken based upon a match condition or a miss condition resulting from such comparisons between the categorization vector and the data strings.
- filters 1 to N are priority encoded such that one filter is given precedence over all other filters in determining the action to be taken with respect to the data packet.
- the highest numbered filter is given the highest priority
- the default filter is given the lowest priority.
- categorization vector 110 is passed in parallel to all the priority encoded filters (including the default filter), which perform one or more combinational logic based operations on categorization vector 110 to determine the disposition of the data packet.
- function logic 605 further includes independently programmable value logic 607 and independently programmable mask logic 609 to store programmable value data and logic to store programmable mask data respectively.
- the value data and the mask data are used together to compare expected values (as determined e.g. by a system administrator) against the values represented by categorization vector 110 .
- Each packet filter in which the categorization vector satisfies the specified criteria is then enabled.
- the enabled packet filter having the highest relative priority is selected to dispose of the data packet. If the categorization vector does not satisfy the criteria set forth in any of the packet filters, then the default filter unconditionally disposes of the data packet by performing the action programmed within action logic 620 .
- any one or more of the priority encoded filters may be disabled such that the disabled filter takes no action with respect to the data packet.
- function logic 605 and polarity logic 610 may be dynamically reconfigured while the respective filter is disabled.
- FIG. 7 is a block diagram illustrating an integrated circuit in accordance with one embodiment of the invention.
- Integrated circuit (IC) 700 includes classifier 702 and filter logic 704 .
- Classifier 702 comprises extraction logic 703 and CAM logic 708 including on chip CAM 714 .
- IC 700 receives unclassified data stream 701 from a source external to IC 700 .
- extraction logic 703 extracts one or more data keys, such as data key 706 , which are input into CAM logic 708 for comparison and classification.
- If any data key matches a key entry stored within the one or more CAMs included within CAM logic 708 , then the matching data key is said to belong to a class of data represented by the CAM containing the matching key entry.
- an associated key tag is identified corresponding to a data subclass.
- the key tag representing the data subclass is then output to form at least part of categorization vector 710 , which is then sent to filter logic 704 .
- Filter logic 704 performs automatic and programmable combinational logic-based comparisons on the categorization vector to determine the final disposition of the data packets received as part of unclassified data stream 701 based at least in part upon programmed packet filtering rules.
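
The extraction, CAM lookup and prioritized filter chain described above can be modelled in software to see how key tags combine into a categorization vector and how polarity and priority decide a packet's disposition. This Python model is an added example, not code from the patent; the nybble-mask bit order, first-match-wins inside a CAM, zero-padding of short frames, the MAC addresses and the three filter rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KEY_BYTES = 8      # 64 contiguous bits are extracted per data key
MAX_OFFSET = 16    # programmable byte offset from start of packet: 0..16
CAM_DEPTH = 256    # 256 key entries per CAM
TAG_BITS = 2       # 2-bit key tag per entry; 0 is the "no match" output


def extract_key(frame: bytes, offset: int) -> int:
    """Extract the 64-bit data key found `offset` bytes after start of packet."""
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError("offset must be 0..16")
    # Assumption: a frame too short to fill the key is zero-padded.
    chunk = frame[offset:offset + KEY_BYTES].ljust(KEY_BYTES, b"\0")
    return int.from_bytes(chunk, "big")


def expand_nybble_mask(nybble_mask: int) -> int:
    """Expand a 16-bit per-nybble mask (bit 15 = first nybble) to 64 bits."""
    return sum(0xF << (4 * i) for i in range(16) if (nybble_mask >> i) & 1)


@dataclass
class Cam:
    offset: int                       # where this CAM's data key is extracted
    nybble_mask: int = 0xFFFF         # 1 = compare this nybble, 0 = masked off
    entries: list = field(default_factory=list)   # (key entry, key tag) pairs

    def program(self, entry: bytes, tag: int) -> None:
        if len(self.entries) >= CAM_DEPTH:
            raise ValueError("CAM full")
        if not 0 < tag < (1 << TAG_BITS):
            raise ValueError("tag 0 is reserved for a miss")
        padded = entry.ljust(KEY_BYTES, b"\0")
        self.entries.append((int.from_bytes(padded, "big"), tag))

    def lookup(self, frame: bytes) -> int:
        mask = expand_nybble_mask(self.nybble_mask)
        key = extract_key(frame, self.offset) & mask
        for entry, tag in self.entries:   # assumption: first programmed match wins
            if (entry & mask) == key:
                return tag
        return 0                          # no equivalent key entry


def categorize(frame: bytes, cams: list) -> int:
    """Concatenate each CAM's key tag into the categorization vector."""
    vector = 0
    for cam in cams:                      # assumption: first CAM is most significant
        vector = (vector << TAG_BITS) | cam.lookup(frame)
    return vector


@dataclass
class Filter:
    value: int
    mask: int
    act_on_match: bool    # polarity: True = act on match, False = act on miss
    action: str           # "pass", "drop" or "divert"
    enabled: bool = True

    def fires(self, vector: int) -> bool:
        hit = (vector & self.mask) == (self.value & self.mask)
        return self.enabled and hit == self.act_on_match


def dispose(vector: int, filters: list, default_action: str) -> str:
    """Highest-numbered enabled filter that fires wins; else the default filter."""
    for flt in reversed(filters):
        if flt.fires(vector):
            return flt.action
    return default_action


# --- Constructed sample data (not from the patent) ---
SERVER = bytes.fromhex("02005e0000aa")        # known destination MAC
OTHER_DST = bytes.fromhex("02005e0000bb")     # destination not in the CAM
INTERNAL_SRC = bytes.fromhex("02005e100001")  # source inside OUI 02:00:5e
EXTERNAL_SRC = bytes.fromhex("061122334455")  # source outside that OUI

dst_cam = Cam(offset=0, nybble_mask=0xFFF0)   # compare the 6-byte destination MAC
dst_cam.program(SERVER, tag=1)
src_cam = Cam(offset=6, nybble_mask=0xFC00)   # compare only the 3-byte source OUI
src_cam.program(bytes.fromhex("02005e"), tag=1)
CAMS = [dst_cam, src_cam]                     # vector layout: [dst tag | src tag]

FILTERS = [
    Filter(0b0001, 0b0011, True, "pass"),     # filter 1: internal source
    Filter(0b0100, 0b1100, False, "divert"),  # filter 2: destination is NOT the server
    Filter(0b0000, 0b1111, True, "drop"),     # filter 3: nothing matched at all
]


def frame(dst: bytes, src: bytes) -> bytes:
    """Build an untagged Ethernet frame (type 0x0800) with dummy payload."""
    return dst + src + b"\x08\x00" + b"\x00" * 46


def classify_and_filter(raw: bytes, filters=FILTERS) -> str:
    return dispose(categorize(raw, CAMS), filters, default_action="drop")
```

Because a miss is reported as tag 0, a 2-bit tag leaves three usable subclasses per CAM, and a filter that tests for 0 in a tag position is testing for "no entry matched".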
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (43)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/429,636 USRE42135E1 (en) | 2001-07-19 | 2006-05-04 | Multi-protocol data classification using on-chip cam |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/910,119 US6732228B1 (en) | 2001-07-19 | 2001-07-19 | Multi-protocol data classification using on-chip CAM |
US11/429,636 USRE42135E1 (en) | 2001-07-19 | 2006-05-04 | Multi-protocol data classification using on-chip cam |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/910,119 Reissue US6732228B1 (en) | 2001-07-19 | 2001-07-19 | Multi-protocol data classification using on-chip CAM |
Publications (1)
Publication Number | Publication Date |
---|---|
USRE42135E1 (en) | 2011-02-08 |
Family
ID=32177058
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/910,119 Ceased US6732228B1 (en) | 2001-07-19 | 2001-07-19 | Multi-protocol data classification using on-chip CAM |
US11/429,636 Expired - Lifetime USRE42135E1 (en) | 2001-07-19 | 2006-05-04 | Multi-protocol data classification using on-chip cam |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/910,119 Ceased US6732228B1 (en) | 2001-07-19 | 2001-07-19 | Multi-protocol data classification using on-chip CAM |
Country Status (1)
Country | Link |
---|---|
US (2) | US6732228B1 (en) |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020170735A1 (en) * | 1997-09-05 | 2002-11-21 | Bicc General Uk Cables Limited. | Electric cable joints and methods of making them |
US7076225B2 (en) * | 2001-02-16 | 2006-07-11 | Qualcomm Incorporated | Variable gain selection in direct conversion receiver |
US7133409B1 (en) * | 2001-07-19 | 2006-11-07 | Richard Willardson | Programmable packet filtering in a prioritized chain |
US6957215B2 (en) * | 2001-12-10 | 2005-10-18 | Hywire Ltd. | Multi-dimensional associative search engine |
US7301961B1 (en) | 2001-12-27 | 2007-11-27 | Cypress Semiconductor Corportion | Method and apparatus for configuring signal lines according to idle codes |
US6906936B1 (en) * | 2001-12-27 | 2005-06-14 | Cypress Semiconductor Corporation | Data preclassifier method and apparatus for content addressable memory (CAM) device |
US20040236902A1 (en) * | 2003-05-19 | 2004-11-25 | Integrated Silicon Solution, Inc. | Data distribution in content addressable memory |
US7756134B2 (en) | 2006-05-02 | 2010-07-13 | Harris Corporation | Systems and methods for close queuing to support quality of service |
US7894509B2 (en) | 2006-05-18 | 2011-02-22 | Harris Corporation | Method and system for functional redundancy based quality of service |
US8516153B2 (en) | 2006-06-16 | 2013-08-20 | Harris Corporation | Method and system for network-independent QoS |
US8064464B2 (en) | 2006-06-16 | 2011-11-22 | Harris Corporation | Method and system for inbound content-based QoS |
US7990860B2 (en) | 2006-06-16 | 2011-08-02 | Harris Corporation | Method and system for rule-based sequencing for QoS |
US7856012B2 (en) * | 2006-06-16 | 2010-12-21 | Harris Corporation | System and methods for generic data transparent rules to support quality of service |
US7916626B2 (en) | 2006-06-19 | 2011-03-29 | Harris Corporation | Method and system for fault-tolerant quality of service |
US8730981B2 (en) | 2006-06-20 | 2014-05-20 | Harris Corporation | Method and system for compression based quality of service |
US7769028B2 (en) | 2006-06-21 | 2010-08-03 | Harris Corporation | Systems and methods for adaptive throughput management for event-driven message-based data |
US8300653B2 (en) | 2006-07-31 | 2012-10-30 | Harris Corporation | Systems and methods for assured communications with quality of service |
FR2907994A1 (en) * | 2006-10-26 | 2008-05-02 | France Telecom | Data classifying method for routing equipment, involves searching rule corresponding to index found in rule table memorizing set of rules associated to index, and intersecting rule found for all fields to obtain rule satisfied by data |
CN101874384B (en) * | 2007-08-02 | 2017-03-08 | 泰克莱克股份有限公司 | For from method, system and the computer-readable medium collecting data in the Network that high speed Internet protocol (IP) communication links are passed |
US8826366B2 (en) * | 2010-07-15 | 2014-09-02 | Tt Government Solutions, Inc. | Verifying access-control policies with arithmetic quantifier-free form constraints |
US12001427B2 (en) * | 2020-12-28 | 2024-06-04 | Samsung Electronics Co., Ltd. | Systems, methods, and devices for acceleration of merge join operations |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5805855A (en) * | 1994-10-05 | 1998-09-08 | International Business Machines Corporation | Data cache array having multiple content addressable fields per cache line |
US5842040A (en) * | 1996-06-18 | 1998-11-24 | Storage Technology Corporation | Policy caching method and apparatus for use in a communication device based on contents of one data unit in a subset of related data units |
US6181699B1 (en) * | 1998-07-01 | 2001-01-30 | National Semiconductor Corporation | Apparatus and method of assigning VLAN tags |
US6289414B1 (en) * | 1998-10-08 | 2001-09-11 | Music Semiconductors, Inc. | Partially ordered cams used in ternary hierarchical address searching/sorting |
US6374326B1 (en) * | 1999-10-25 | 2002-04-16 | Cisco Technology, Inc. | Multiple bank CAM architecture and method for performing concurrent lookup operations |
US20020126672A1 (en) | 2001-01-10 | 2002-09-12 | Nelson Chow | Method and apparatus for a flexible and reconfigurable packet classifier using content addressable memory |
US6467019B1 (en) * | 1999-11-08 | 2002-10-15 | Juniper Networks, Inc. | Method for memory management in ternary content addressable memories (CAMs) |
US20020163909A1 (en) | 2001-05-04 | 2002-11-07 | Terago Communications, Inc. | Method and apparatus for providing multi-protocol, multi-stage, real-time frame classification |
US6484170B2 (en) * | 1999-11-30 | 2002-11-19 | Mosaid Technologies, Inc. | Generating searchable data entries and applications therefore |
US6633567B1 (en) * | 2000-08-31 | 2003-10-14 | Mosaid Technologies, Inc. | Method and apparatus for searching a filtering database with one search operation |
US7133409B1 (en) * | 2001-07-19 | 2006-11-07 | Richard Willardson | Programmable packet filtering in a prioritized chain |
Family applications:
- 2001-07-19: US application US09/910,119, patent US6732228B1, not active (Ceased)
- 2006-05-04: US application US11/429,636, patent USRE42135E1, not active (Expired - Lifetime)
Non-Patent Citations (1)
Title |
---|
Office Action, issued in U.S. Patent Application No. 09/910,119, mailed Mar. 17, 2003. |
Also Published As
Publication number | Publication date |
---|---|
US6732228B1 (en) | 2004-05-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
USRE42135E1 (en) | | Multi-protocol data classification using on-chip cam |
US7719980B2 (en) | | Method and apparatus for flexible frame processing and classification engine |
US7133409B1 (en) | | Programmable packet filtering in a prioritized chain |
US7133400B1 (en) | | System and method for filtering data |
US8165125B2 (en) | | Apparatus and method of classifying packets |
CN101160825B (en) | | System and method for efficient traffic processing |
US7823195B1 (en) | | Method, apparatus and computer program product for a network firewall |
US8665868B2 (en) | | Apparatus and method for enhancing forwarding and classification of network traffic with prioritized matching and categorization |
US8296846B2 (en) | | Apparatus and method for associating categorization information with network traffic to facilitate application level processing |
US6772347B1 (en) | | Method, apparatus and computer program product for a network firewall |
US6625150B1 (en) | | Policy engine architecture |
US7474654B2 (en) | | Method and system for classification of packets based on meta-rules |
US8014390B2 (en) | | Policy based routing using a fast filter processor |
US8346918B2 (en) | | Apparatus and method for biased and weighted sampling of network traffic to facilitate network monitoring |
CN109845223B (en) | | Enforcing network security policies using pre-classification |
US7787463B2 (en) | | Content aware apparatus and method |
US7554984B2 (en) | | Fast filter processor metering and chaining |
US7751319B2 (en) | | Method and processor for classifying data packet units |
US20070115966A1 (en) | | Compact packet operation device and method |
US20030053460A1 (en) | | Packet forwarding processing device |
CN100534052C (en) | | Network message processing using inverse pattern matching |
US11588821B1 (en) | | Systems and methods for access control list (ACL) filtering |
US8176242B1 (en) | | Apparatus and method for improving CAM usage |
US7304992B2 (en) | | Fast flexible filter processor based on range checking and a method of processing based thereon |
US7697526B2 (en) | | Packet filtering based on port bit map |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AS | Assignment | Owner name: NETWORK ELEMENTS, INC., OREGON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WILLARDSON, RICHARD;REEL/FRAME:017843/0291 Effective date: 20010719 Owner name: TRIQUINT SEMICONDUCTOR, INC., OREGON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETWORK ELEMENTS, INC.;REEL/FRAME:017889/0312 Effective date: 20041217 Owner name: NULL NETWORKS LLC, NEVADA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TRIQUINT SEMICONDUCTOR, INC.;REEL/FRAME:017878/0460 Effective date: 20050908 |
| | CC | Certificate of correction | |
| | FPAY | Fee payment | Year of fee payment: 8 |
| | FPAY | Fee payment | Year of fee payment: 12 |
| | AS | Assignment | Owner name: XYLON LLC, NEVADA Free format text: MERGER;ASSIGNOR:NULL NETWORKS LLC;REEL/FRAME:037057/0156 Effective date: 20150813 |
| | AS | Assignment | Owner name: INTELLECTUAL VENTURES ASSETS 191 LLC, DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:XYLON LLC;REEL/FRAME:062708/0435 Effective date: 20221222 |
| | AS | Assignment | Owner name: INTELLECTUAL VENTURES ASSETS 186 LLC, DELAWARE Free format text: SECURITY INTEREST;ASSIGNOR:MIND FUSION, LLC;REEL/FRAME:063295/0001 Effective date: 20230214 Owner name: INTELLECTUAL VENTURES ASSETS 191 LLC, DELAWARE Free format text: SECURITY INTEREST;ASSIGNOR:MIND FUSION, LLC;REEL/FRAME:063295/0001 Effective date: 20230214 |
| | AS | Assignment | Owner name: MIND FUSION, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTELLECTUAL VENTURES ASSETS 191 LLC;REEL/FRAME:064270/0685 Effective date: 20230214 |
| | AS | Assignment | Owner name: FINTEGRAPH, LLC, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MIND FUSION, LLC;REEL/FRAME:066912/0311 Effective date: 20240326 |