The following abbreviations are herewith defined, at least some of which are referred to within the following description of the state-of-the-art and the present invention.
    ACL Access Control List
    AOS Alcatel Operating System
    CMM Chassis Management Module
    DMAC Destination MAC (address)
    GE Gigabit Ethernet
    IP Internet Protocol
    IP Sec Internet Protocol Security
    LAN Local Area Network
    MAC Media Access Control
    NAT Network Address Translation
    NIC Network Interface Card (Controller)
    OE Offload Engine
    OSPF Open Shortest Path First
    PCI Peripheral Component Interface
    PCIe PCI express
    WAN Wide Area Network
    VID VLAN ID
    VRF Virtual Routing and Forwarding
    VRRP Virtual Router Redundancy Protocol
    XAUI 10 Gigabit Attachment Unit Interface
Computers and computing devices such as servers may be linked together to form communication networks. Such networks may be used for applications such as email, voice communication, and data sharing. Individual computing devices such as personal computers and tablets may access servers to store or retrieve data and use computing resources available there. In addition to the computing devices themselves, communications networks also typically include a number of bridges, switches, routers, and similar devices that facilitate moving data traffic from one part of the network to another.
User devices and servers at a particular location may be connected together to form a LAN, or local area network. Employees at a company or students at a university, for example, may in this way communicate with each other and share computing resources. At some location, more than one LAN may be in place and the various LANs may be connected at one or more routers that are capable of forwarding traffic from one LAN to another. The router may also route traffic from the LANs to an outside network, such as a WAN (wide area network). In this way, a user on one of the LANs may, for example, access the Internet or communicate with users at distant locations.
Unfortunately, providing broad, almost universal access to communications poses some risks. Malicious users, sometimes referred to as hackers, may seek to infiltrate computer networks for the purpose of stealing or destroying data belonging to others or to affect the ability of their computers to function properly. This may be done by transmitting malware or viruses that cause a computer to function in a harmful manner not intended by its operator.
For this reason, security programs such as firewalls may be implemented to inspect data traffic at certain locations in an attempt to detect and eliminate harmful programs or data. A router where two or more networks such as WANs and LANs converge is an ideal place for such an application to run.
There are challenges, however. Not all of the traffic passing through the router needs to be screened, and there is a need to make efficient use of the computing resources of the router. As another example, some networks use private IP addresses, and translation boundaries must be crossed, although this will not affect all traffic passing through. These challenges are among those addressed by the present invention.