H04L45/7452

SEGMENT ROUTING OVER LABEL DISTRIBUTION PROTOCOL
20220173976 · 2022-06-02

An apparatus and method is disclosed for segment routing (SR) over label distribution protocol (LDP). In one embodiment, the method includes a node receiving a packet with an attached segment ID. In response, the node may attach a label to the packet. Thereafter, the node may forward the packet with the attached label and segment ID to another node via a label switched path (LSP).

APPARATUS AND METHOD OF GENERATING LOOKUPS AND MAKING DECISIONS FOR PACKET MODIFYING AND FORWARDING IN A SOFTWARE-DEFINED NETWORK ENGINE

Embodiments of the present invention relate to a Lookup and Decision Engine (LDE) for generating lookup keys for input tokens and modifying the input tokens based on contents of lookup results. The input tokens are parsed from network packet headers by a Parser, and the tokens are then modified by the LDE. The modified tokens guide how corresponding network packets will be modified or forwarded by other components in a software-defined networking (SDN) system. The design of the LDE is highly flexible and protocol independent. Conditions and rules for generating lookup keys and for modifying tokens are fully programmable such that the LDE can perform a wide variety of reconfigurable network features and protocols in the SDN system.

Systems and methods for maintaining consistency between interfaces of locally sourced packets
11343188 · 2022-05-24

In one embodiment, a method includes performing, by a router, a destination address lookup of an IP packet in a Forwarding Information Base (FIB) and identifying, by the router, an equal cost multi-path (ECMP) object from the destination address lookup. The ECMP object includes a plurality of paths for forwarding the IP packet to a destination associated with a destination address. The method further includes determining, by the router, a source interface associated with the IP packet, determining, by the router, that the source interface matches an egress interface associated with a path among the plurality of paths, and communicating, by the router, the IP packet based on the path to the destination using the egress interface.

Reconfigurable switch forwarding engine parser capable of disabling hardware trojans
11736515 · 2023-08-22

The present invention relates to a reconfigurable switch forwarding engine parser capable of disabling hardware Trojans. The parser comprises a data preprocessing unit, several cascaded basic processing units and an extraction unit, wherein a key path of a basic processing unit of the first stage extracts and shifts a key bit keyword of a key, and sends a result to a data path of the current stage and a key path of the next stage; basic processing units of other stages carry out keyword extraction and shifting on a key frame and the data frame in sequence; and the extraction unit extracts the key frame and the data frame from a basic processing unit of the last stage, and forwards same to a subsequent packet processing part. The present invention can be widely applied to the design of the switch forwarding engine parser.

PREFIX COMPRESSION ROUTES IN EXACT MATCH USING REDIRECTION AND MIRRORING FECS IN HARDWARE

Prefix compression routes provided via exact match using redirection and mirroring Forwarding Equivalence Class entries in hardware. In a network device, a first table is stored having a first entry, a second table is stored having a second entry, and a third table is stored having a third entry including routing information for routing data packets. The first entry references a first memory location in the second table, the second memory location stores the second entry, and the second entry references a second memory location in the third table. A data packet is received, and the first entry is accessed based on a destination address of the data packet. Routing information is obtained as a result of accessing the first entry. The data packet is sent by the network device according to the routing information.

Systems and methods for isolating network traffic of multiple users across networks of computing platforms

System and method for isolating network traffic of multiple users across a network of a computing platform. For example, a method includes receiving data at a networking device of a computing platform. The networking device includes a plurality of routing tables. Each routing table of the plurality of routing tables is associated with a different user of multiple users of the computing platform. A user of the multiple users is identified based at least in part on the received data. In response to identifying the user of the multiple users based at least in part on the received data, a routing table of the plurality of routing tables is identified based at least in part on the identified user. A route from the identified routing table is determined based at least in part on the received data. The received data is sent across a network of the computing platform according to the determined route. The method is performed using one or more processors.

AUTOMATICALLY ESTABLISHING AN ADDRESS MAPPING TABLE IN A HETEROGENEOUS DEVICE INTERCONNECT FABRIC
20220131799 · 2022-04-28

A method for automatically establishing an address-port mapping table of a switching device in an interconnect fabric uses hardware link-up and link-down processes to build and update the lowest cost (e.g., shortest path) port entries in the mapping table. Traffic loops are precluded by comparing cost values based on the source addresses of the devices in the interconnect fabric, without blocking any particular port.

FRAMEWORK FOR UNIVERSALLY SPECIFIED AFFINITY TOPOLOGIES WITH PARTIAL PATH INVALIDATION AND GENERALIZED NETWORK FLOWS
20220006719 · 2022-01-06

A method for setting up forwarding tables is described. A USAT part for a node is received. The USAT part includes glow definitions and a FGPL. Each glow describes network traffic flows and role instructions for the flows. Each FGP describes a role for the switching node; a validity rule; and relevant network topology. The method also includes determining a selected active FGP in the FGPL using the validity rule for the FGP, a network state and the ordering of the FGPs; initializing the glows, requesting a role identification to perform based on the selected FGP, determining the role instructions and instructing the TMS to update tables accordingly; and storing entries in software tables based on glows and the role instructions for the identified role, dynamically resolving conflicts among entries, and granting table updates to hardware tables. The tables include a software table for each hardware memory for forwarding packets.

Segment routing over label distribution protocol

An apparatus and method is disclosed for segment routing (SR) over label distribution protocol (LDP). In one embodiment, the method includes a node receiving a packet with an attached segment ID. In response, the node may attach a label to the packet. Thereafter, the node may forward the packet with the attached label and segment ID to another node via a label switched path (LSP).

Multi-channel communication

Systems and methods implement multi-channel communication by remapping Ethernet frames. An Ethernet frame is captured leaving a first bridge of an Ethernet switch. A destination address of the Ethernet frame is matched to a remap rule and to a filter defined for the remap rule. The destination address of the Ethernet frame is updated based upon the remap rule, and the Ethernet frame is output to an Ethernet port corresponding to the updated destination address of the Ethernet frame. The remap rule and the filter allow the Ethernet switch to route traffic at an OSI model layer-4 level.