Claims
- 1. A network device for network communications, said network device comprising:
at least one data port interface, said at least one data port interface supporting at least one data port transmitting and receiving data; a CPU interface, said CPU interface configured to communicate with a CPU; a memory, said memory communicating with said at least one data port interface; a memory management unit, said memory management unit including a memory interface for communicating data from said at least one data port interface and said memory; a communication channel, said communication channel for communicating data and messaging information between said at least one data port interface, the CPU interface, said memory, and said memory management unit; and a fast filtering processor, said fast filtering processor filtering packets coming into the at least one data port interface, and taking selective filter action on a particular packet of said packets based upon specified packet field values; wherein said specified packet field values are obtained by applying a filter mask, obtained from a field table, to the particular packet and the selective filter action is obtained from a policy table based on the specified packet field values.
- 2. A network device as recited in claim 1, wherein said fast filtering processor is programmable by inputs from the CPU through the CPU interface.
- 3. A network device as recited in claim 1, wherein one data port interface includes a flow table interface and a flow table thereupon, wherein said specified packet field values are used to obtain a policy value from the flow table and the selective filter action is obtained from a policy table based on the policy value.
- 4. A network device as recited in claim 3, wherein said at least one data port interface, CPU interface, memory, memory management unit, communications channel, fast filtering processor, and said flow table are implemented on a common semiconductor substrate.
- 5. A network device as recited in claim 1, wherein said specified packet field values are selected based upon flows of data packets through the network device.
- 6. A network device as recited in claim 1, wherein said flows of data packets are defined by at least one of a source internet protocol address, a destination internet protocol address, a source media access controller address, a destination media access controller address and a protocol for the particular packet.
- 7. A network switch as recited in claim 1, said fast filtering processor comprising a priority assignment unit for assigning a weighted priority value to untagged packets entering the at least one data port interface.
- 8. A network switch as recited in claim 1, wherein the fast filtering processor filters the packets independent of the CPU interface, and therefore without communicating with the CPU.
- 9. A network switch as recited in claim 1, wherein the fast filtering processor includes a tagging unit which applies an IEEE defined tag to incoming packets, said IEEE defined tag identifying packet parameters.
- 10. A network switch as recited in claim 9, wherein said packet parameters include class-of-service.
- 11. A method of handling data packets in a network device, said method comprising:
placing incoming packets into an input queue; applying the input data packets to an address resolution logic engine; performing a lookup to determine whether certain packet fields are stored in a lookup table; filtering the incoming packet through a fast filtering processor based on specified packet field values obtained from the incoming packets to obtain a selective filter action; and discarding, forwarding, or modifying the packet based upon the filtering; and wherein the selective filter action is obtained from a policy table based on the specified packet field values.
- 12. A method as recited in claim 11, further comprising:
obtaining a policy value from a flow table based on said specified packet field values; and obtaining the selective filter action from a policy table based on the policy value.
- 13. A method as recited in claim 11, wherein said steps of performing a lookup and filtering the incoming packet through a fast filtering processor are performed concurrently.
- 14. A method as recited in claim 11, wherein said step of filtering the incoming packet through a fast filtering processor comprises filtering the incoming packet based on specified packet field values selected based upon flows of data packets through the network device.
- 15. A method as recited in claim 11, wherein filtering the incoming packet includes a step of tagging the incoming packet with an IEEE defined tag.
- 16. A method as recited in claim 12, wherein said IEEE defined tag defines packet parameters, including class-of-service priority.
- 17. A network device for handling data packets, said network device comprising:
placing means for placing incoming packets into an input queue; applying means for applying the input data packets to an address resolution logic engine; performing means for performing a lookup to determine whether certain packet fields are stored in a lookup table; filtering means for filtering the incoming packet through a fast filtering processor based on specified packet field values obtained from the incoming packets to obtain a selective filter action; and means for discarding, forwarding, or modifying the packet based upon the filtering; and wherein the selective filter action is obtained from a policy table based on the specified packet field values.
- 18. A network device as recited in claim 17, further comprising:
obtaining means for obtaining a policy value from a flow table based on said specified packet field values; and obtaining means for obtaining the selective filter action from a policy table based on the policy value.
- 19. A network device as recited in claim 17, wherein said performing means and said filtering means are configured to perform their respective functions concurrently.
- 20. A network device as recited in claim 17, wherein said filtering means comprises filtering means for filtering the incoming packet based on specified packet field values selected based upon flows of data packets through the network device.
- 21. A network device as recited in claim 17, wherein said filtering means comprises tagging means for tagging the incoming packet with an IEEE defined tag.
- 22. A network device as recited in claim 21, wherein said IEEE defined tag defines packet parameters, including class-of-service priority.
REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority of U.S. Provisional Patent Application Serial No. 60/364,150, filed on Mar. 15, 2002, and U.S. Provisional Patent Application Serial No. 60/414,345, filed on Sep. 30, 2002. The contents of the provisional applications are hereby incorporated by reference.
Provisional Applications (2)
|
Number |
Date |
Country |
|
60364150 |
Mar 2002 |
US |
|
60414345 |
Sep 2002 |
US |