Rule lookup using predictive tuples based rule lookup cache in the data plane

Rule lookup using predictive tuples based rule lookup cache in the data plane

This disclosure describes an approach to handle packets that arrive at a network security device, such as a router. At a data plane of the security device, packet identifiers included in an incoming packet not currently belonging to an IP session of the device are compared to packet identifiers stor...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Venkataramanan, Subhashini A, Addepalli, Srinivasa R
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This disclosure describes an approach to handle packets that arrive at a network security device, such as a router. At a data plane of the security device, packet identifiers included in an incoming packet not currently belonging to an IP session of the device are compared to packet identifiers stored in a table stored in a memory of the security device. The incoming packet identifiers includes a source IP, a destination IP, a protocol, a destination port, and a source port while the identifiers stored in the table do not include the source port. A new session is established for the incoming packet in response to the set of packet identifiers matching one of the entries in the table.