Enterprise or data center networks are often large, and run a wide variety of applications and protocols. Forwarding behaviors of packets on a router in such networks are governed by policies, generated by routing protocols, such as BGP, ISIS, OSPF, or network manager. Each policy is described as a flow rule, which comprises a flow identifier, an action, and a priority.
The flow identifier defines the set of packets the policy is applied to, and consists of a set of tuples. Each tuple corresponds to a header field (e.g. source IP, destination IP, source port, destination port and etc), and has a value and mask to support wild-card matching. For instance, a policy generated by BGP has (destination_ip, mask) as the flow identifier.
The action specifies the forwarding behaviors (e.g. egress port, destination MAC, class of service, counter action) of packets to be implemented by the router if the packet matches the flow identifier. When a packet qualifies for multiple flow rules, its forwarding behavior is dictated by the rule with highest priority.
Routers often provide multiple hardware tables for implementing flow rules, such as a Media Access Control (MAC) table, LPM, an MPLS table, and an ACL table. The hardware tables may vary in size from one router to the next. The ACL table is often a more expensive hardware resource on the router, because it can classify traffic using much wider flow identifiers (200˜300 bits in the packet header) than MAC/LPM/MPLS tables (20˜48 bits in the packet header). Additionally, because of its capabilities, the ACL table is most often used to store flow rules for forwarding packets. Accordingly, a system and method for more efficiently managing the flow of packets on a router is desired.