Stateful connection policy filtering

Stateful connection policy filtering

A method for performing stateful processing of a packet at a flow-based managed forwarding element (MFE) is provided. The method sends a first packet from the MFE to a connection tracker that stores headers of a set of original direction packets that each established a new connection. The method rec...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Stringer, Jonathan, Pettit, Justin, Rajahalme, Jarno, Pfaff, Ben, Sevinc, Soner
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method for performing stateful processing of a packet at a flow-based managed forwarding element (MFE) is provided. The method sends a first packet from the MFE to a connection tracker that stores headers of a set of original direction packets that each established a new connection. The method receives, from the connection tracker, the first packet with the header of an original direction packet associated with the first packet appended to the first packet. The header of the original direction packet includes (i) a second set of IP addresses different than a first set of IP addresses of the first packet and (ii) stateful connection status information. The method replaces a first set of IP addresses of the first packet with the second set of IP addresses and performs a matching operation on the packet based on the second set of IP addresses and the stateful connection status information.