A system and method for protocol independent receive side scaling (RSS) includes storing a plurality of RSS hash M-tuple definitions, each definition corresponding to one of a set of possible protocol header combinations for routing an incoming packet, the set of possible protocol header combinations being modifiable to include later-developed protocols. Based on initial bytes of the incoming packet, a pattern of protocol headers is detected, and used to select one of the plurality of RSS hash M-tuple definitions. The selected RSS hash M-tuple definition is applied as a protocol-independent arbitrary set of bits to the headers of the incoming packet to form a RSS hash M-tuple vector, which is used to compute a RSS hash. Based on the RSS hash, a particular queue is selected from a set of destination queues identified for the packet, and the packet is delivered to the selected particular queue.

A method performed by a node of a communications network such as a virtual routing function or policy enforcement node comprises receiving at least one packet, such as an internet protocol packet having an associated address and obtaining one or more metrics. The method involves dynamically configuring a longest-prefix match process on the basis of at least the metric(s). The dynamically configured longest-prefix match process is used with the associated address to identify an action and the identified action is applied to the packet.

A method and system for propagating network traffic flows between end points based on service and priority policies. Specifically, the method and system disclosed herein entail configuring network elements with network-disseminated traffic management policies. Each traffic management policy guides the handling of a network traffic flow between origination and termination end points (i.e., source and destination hosts), which may be defined through data link layer, network layer, and/or transport layer header information, as well as group assignment information, associated with the source and destination hosts.

Techniques for implementing multi-table OpenFlow using a parallel hardware table lookup architecture are provided. In certain embodiments, these techniques include receiving, at a network device from a software-defined networking (SDN) controller, flow entries for installation into flow tables of the network device, where the flow entries are structured in a manner that assumes the flow tables can be looked-up serially by a packet processor of the network device, but where the flow tables are implemented using hardware lookup tables (e.g., TCAMs) that can only be looked-up in parallel by the packet processor. The techniques further include converting, by the network device, the received flow entries into a format that enables the packet processor to process ingress network traffic correctly using the flow entries, despite the packet processor's parallel lookup architecture, and installing the converted flow entries into the flow tables/hardware lookup tables.

Approaches, techniques, and mechanisms are disclosed for maintaining efficient representations of prefix tables for utilization by network switches and other devices. In an embodiment, the performance of a network device is greatly enhanced using a working representation of a prefix table that includes multiple stages of prefix entries. Higher-stage prefixes are stored in slotted pools. Mapping logic, such as a hash function, determines the slots in which a given higher-stage prefix may be stored. When trying to find a longest-matching higher-stage prefix for an input key, only the slots that map to that input key need be read. Higher-stage prefixes may further point to arrays of lower-stage prefixes. Hence, once a longest-matching higher-stage prefix is found for an input key, the longest prefix match in the table may be found simply by comparing the input key to lower-stage prefixes in the array that the longest-matching higher-stage prefix points to.

A system administrator can specify NAT mappings to perform NAT translations in a switch. The administrator can specify an ACL to filter packets to be translated. Filter rules generated from the ACL are stored in a first memory store in a switch and NAT rules generated from the NAT mappings are stored in a second memory store separate from the first memory store. When a packet matches one of the filter rules a tag that identifies the ACL is associated with the packet. When the tagged packet matches one of the NAT rules, the packet is translated according to the matched NAT rule.

A network switch and associated method of operation for establishing a low latency transmission path through the network which bypasses the packet queue and scheduler of the switch fabric. The network switch transmits each of a plurality of data packets to the identified destination egress port over the low latency transmission if the data packet is identified to be transmitted over the low latency transmission path from the ingress port to the destination egress port, and transmits the data packet to the destination egress port through the packet queue and scheduler if the data packet is not identified to be transmitted over the low latency transmission path from the ingress port to the destination egress ports.

An algorithmic TCAM based ternary lookup method is provided. The method stores entries for ternary lookup into several sub-tables. All entries in each sub-table have a sub-table key that includes the same common portion of the entry. No two sub-tables are associated with the same sub-table key. The method stores the keys in a sub-table keys table in TCAM. Each key has a different priority. The method stores the entries for each sub-table in random access memory. Each entry in a sub-table has a different priority. The method receives a search request to perform a ternary lookup for an input data item. A ternary lookup into the ternary sub-table key table stored in TCAM is performed to retrieve a sub-table index. The method performs a ternary lookup across the entries of the sub-table associated with the retrieved index to identify the highest priority matched entry for the input data item.

In some implementations, a method is provided. The method includes determining a plurality of field sets and a plurality of field set groups. Each field set of the plurality of field sets comprises one or more packet characteristics. Each field set group of the plurality of field set groups comprises one or more field sets from the plurality of field sets. Each field set group is associated with one or more packet classifier rules. The method also includes determining a set of encoded labels for the plurality of field sets based on a set of rule costs and intersections between field set groups. Each encoded label of the set of encoded labels is associated with a respective field set of the plurality of field sets. The method further includes generating a plurality of entries in a memory based on the set of encoded labels. At least one entry comprises an encoded label from the set of encoded labels and at least a portion of a packet classifier rule.

Systems and methods of using a packet order work (POW) scheduler to assign packets to a set of scheduler queues for supplying packets to parallel processing units. A processing unit and the associated scheduler queue is dedicated to a specific flow until a queue-reallocation event, which may correspond to the associated scheduler queue being idle for at least a certain interval as indicated by its age counter, or the queue being the least recently used, when a new flow arrives. In this case, the scheduler queue and the associated processing unit may be reallocated to the new flow and disassociated with the previous flow. As a result, dynamic packet workload balancing can be advantageously achieved across the multiple processing paths.