The present invention relates generally to the field of network computing and, more specifically, to the classification of packets within a data stream in a computer network.
Traffic filters are widely utilized within network devices, such as routers, routing switches, switches and bridges, to selectively handle network traffic, which may be in the form of packets, frames, cells or data grams. Traffic filters are typically employed to block, forward, log or prioritize certain network traffic as it traverses a network device. In order to perform these functions, traffic filters examine the contents of information fields included within packet headers.
Traffic filters may be broadly categorized as being either inbound traffic filters, which act on packets coming into a network device, or outbound traffic filters, which act on packets the network device is forwarding. Inbound traffic filters are employed primarily for security reasons, and block certain traffic from reaching destination nodes within a network. Outbound traffic filters are primarily used to ensure timely delivery of critical data. It is furthermore possible to implement more than one traffic filter within a single device with a view to ensuring consistent service, reducing network congestion by minimizing the flow of unnecessary traffic, prioritizing important traffic and enhancing security. It will readily be appreciated that the identification and classification of packets within a data stream received at network device is fundamental to the performance of the above traffic filtering operations.
As transmission rates over network links (and the operating speeds of switching and routing circuitry within network devices) increase, the timely classification of packets by traffic filters is becoming increasingly challenging.
An apparatus for classifying a packet within a data stream within a network includes a hardwire state machine defining a predetermined set of states and a predetermined set of transitions between these states. The state machine is further configured to output a value indicative of the classification of the packet. The apparatus further includes a programmable memory, coupled to the state machine, to store transition parameters for each of the transitions between the states so as to allow transition conditions to be programmable.
Other features of the present invention will be apparent from the accompanying drawings and from the detailed description that follows.