System and method for supporting flexible forwarding domain boundaries in a high performance computing environment. In accordance with an embodiment, flexible forwarding domain boundaries can be supported by dividing/partitioning a physical switch into two or more logical switches, where each switch is logically in a different domain, and allowing a fabric to be decomposed into independent subnets with one two or more physical end ports at the physical switch. By doing so, the same hierarchical forwarding structure and management structure between subnets can be provided as when complete physical switches are used as building blocks.

Methods and devices for processing packets are provided. The processing device may include an input interface for receiving data units containing header information of respective packets; a first module configurable to perform packet filtering based on the received data units; a second module configurable to perform traffic analysis based on the received data units; a third module configurable to perform load balancing based on the received data units; and a fourth module configurable to perform route lookups based on the received data units.

A method of collecting statistics for a set of logical entities associated with a flow-based managed forwarding element. A statistics collection flow table is created for collecting statistics for logical entities. For each pair of logical entity and collected statistics type, a flow entry is added to the statistics collection flow table and includes a matching criteria for matching the identification the logical entity and the type of the statistics collected by the flow entry. When a particular statistics for a logical entity is to be updated during the processing of a packet by a flow table, the packet is submitted by the flow table to the statistics collection flow table. The statistics are updated for the logical entity by matching the identification of the logical entity and the particular statistics type with the matching criteria of a flow entry in the statistics collection flow table.

Disclosed are a method for message match table lookup, a system, a non-transitory computer-readable storage medium and a terminal. The method for message match table lookup includes: performing on-demand data bit width compression on information of a specified part of an input message; extracting N groups of data from compressed data, performing intra-group data comparison to obtain N groups of comparison results, and performing true value splicing on the N groups of comparison results, where N is an integer greater than 1; performing match searching of a ternary content addressable memory (TCAM) by using the true value splicing result as a keyword; and searching, according to a match hit result of the TCAM, for an Action Random Access Memory (Action RAM), and outputting, by the Action RAM, a table lookup request.

System and method for isolating network traffic of multiple users across a network of a computing platform. For example, a method includes receiving data at a networking device of a computing platform. The networking device includes a plurality of routing tables. Each routing table of the plurality of routing tables is associated with a different user of multiple users of the computing platform. A user of the multiple users is identified based at least in part on the received data. In response to identifying the user of the multiple users based at least in part on the received data, a routing table of the plurality of routing tables is identified based at least in part on the identified user. A route from the identified routing table is determined based at least in part on the received data. The received data is sent across a network of the computing platform according to the determined route. The method is performed using one or more processors.

In accordance with one example embodiment, a system configured for programming a network layer multicast address entry in a routing table of an ingress line card module is disclosed. The network layer multicast address entry includes a network layer address associated with at least one egress line card. The system is further configured for programming a data link layer multicast routing address entry in a routing table of a fabric card module in which the data link layer multicast routing address entry corresponds to the network layer multicast address entry.

Systems and methods for routing traffic through a network along Label-Switched Paths (LSPs) that may extend across multiple autonomous systems include performing Internet Protocol (IP) routing lookups as a packet is transmitted along the LSP. In one implementation, a packet having a predetermined value (which may be inserted by an upstream network device) is received at a network device after travelling along a first segment of an LSP. In response to identifying the predetermined label value of the packet, the network device may perform an IP routing lookup using IP routing information included in the packet to identify a next hop for the packet. The network device may then update a label of the packet such that the packet is routed along a second segment of the LSP and transmit the communication packet to the next hop.

A method for processing network communications, the method including receiving a network packet at a network device and performing at least one lookup for the packet in one or more first lookup tables in which the one or more first lookup tables are programmed to include at least one of an exact match or longest prefix match (LPM) table entry. The method includes obtaining a security source segment and a security destination segment based upon the result of the at least one lookup for the packet in the one or more first lookup tables. The method further includes performing a lookup in a second lookup table based upon the security source segment and security destination segment in which the second lookup table is programmed in a content addressable memory. Based upon the result of the lookup in the second lookup table, processing a forwarding decision for the packet according to the security source segment and security destination segment.

A system for automatically discovering fabric topology includes at least one or more processing units, one or more memory devices, a security processor, and a communication fabric with an unknown topology coupled to the processing unit(s), memory device(s), and security processor. The security processor queries each component of the fabric to retrieve various attributes associated with the component. The security processor utilizes the retrieved attributes to create a network graph of the topology of the components within the fabric. The security processor generates routing tables from the network graph and programs the routing tables into the fabric components. Then, the fabric components utilize the routing tables to determine how to route incoming packets.

A method is implemented by a network device to dynamically optimize lookup speed in a packet processing table maintained at the network device while the network device is in operation. The method includes determining one or more runtime metrics of the packet processing table, selecting a lookup algorithm for the packet processing table from a set of lookup algorithms supported by the network device based on the one or more runtime metrics of the packet processing table, and configuring the network device to match incoming packets against rules in the packet processing table using the selected lookup algorithm for the packet processing table.