Existing techniques for packet/frame inspection and processing are based on what could be described as “out-of-band” processing. Out-of-band processing occurs when processing and forwarding a “packet/frame” (packet and/or frame) requires substantially more time than the time required for receiving the packet/frame. A packet/frame typically arrives at networking elements as a stream of bits. These networking elements can include components such as switches, routers, and firewalls or intrusion detection systems (IDS), which terminate the streams of bits at the transceiver port, where the packets and/or frames are then processed as units.
For example, when an Ethernet layer 2 switch receives an Ethernet frame, the Ethernet frame is forwarded to an output port that is defined by the Ethernet header. The switch can forward the frame as soon as the switch receives the Ethernet header bits (as in a “cut-through” device). Alternatively, the Ethernet frame can be forwarded after receiving and processing the entire Ethernet frame (as in a “store-and-forward” device). Receiving an Ethernet header typically occurs in around one microsecond when using the 100BASE-T Ethernet standard. However, an Ethernet frame typically requires tens to hundreds of microseconds to process and forward. Routers typically require even more time than switches to forward packets.
Conventional systems (which perform “out-of-band” processing) typically cannot forward a packet or frame using “in-band processing” because the inspection and processing require substantially more time than the time required for forwarding. Examples of inspection and processing by switches and routers can include blocking certain traffic based upon an access control list (ACL) by examining the frame/packet headers while performing the forwarding and routing function. Routers can also be tasked with firewall or IDS functions such as virus or worm checking. In addition to imposing greater management burdens, such processing often requires that the processor withhold the frame or packet for substantially more time than the time required to forward the packet/frame.