Patent classifications
H04L45/748
Routing table selection based on utilization
In some embodiments, a method sets a threshold for utilization of a first table, wherein the utilization is based on layer 3 addresses and layer 2 addresses being stored in the first table. When a utilization of the first table does not meet the threshold, the method stores a layer 3 address in the first table. The first table uses a first type of lookup to determine a next hop address for the layer 3 addresses or the layer 2 addresses, and the first table also stores one or more layer 2 addresses. When the utilization of the first table meets the threshold, the method stores the layer 3 address in a second table where the second table uses a second type of lookup to determine the next hop address for layer 3 addresses.
Scalable network processing segmentation
A method for processing network communications, the method including receiving a network packet at a network device and performing at least one lookup for the packet in one or more first lookup tables in which the one or more first lookup tables are programmed to include at least one of an exact match or longest prefix match (LPM) table entry. The method includes obtaining a security source segment and a security destination segment based upon the result of the at least one lookup for the packet in the one or more first lookup tables. The method further includes performing a lookup in a second lookup table based upon the security source segment and security destination segment in which the second lookup table is programmed in a content addressable memory. Based upon the result of the lookup in the second lookup table, processing a forwarding decision for the packet according to the security source segment and security destination segment.
Partial source routing for cross-network routing
Source routing techniques include sending data across several networks, while limiting source routing overhead. For example, the source routing techniques may use a first address format to route data to nodes along a routing path that are within a first network where a source node is located, and use a second address format to route the data to a node along the routing path that is within a second, different network. The node in the second network may similarly route the data through the second network using the first address format for nodes within the second network and, if needed, route the data to a node within a third network using the second address format. This may be repeated for any number of networks to reach a destination.
BLOCKCHAIN ENHANCED ROUTE AUTHORIZATION
A routing device including a memory and a processor. The memory stores instructions. The processor is configured to execute the instructions to receive a signed route origin authorization (ROA), which includes a blockchain hash, and a border gateway protocol (BGP) update message, which includes one or more routes. The processor is further configured to implement a Route Origin Validation (ROV) process using the blockchain hash in the signed ROA to determine whether the one or more routes in the BGP update message are valid; update a routing table to include the one or more routes from the BGP update message when the one or more routes are determined to be valid by the ROV process; and refrain from updating the routing table with the one or more routes from the BGP update message when the one or more routes are determined to be invalid by the ROV process.
Systems for providing an LPM implementation for a programmable data plane through a distributed algorithm
Described are programmable input output (IO) devices comprising: a match processing unit (MPU) and a memory unit. The MPU comprising at least one arithmetic logic unit (ALU). The memory unit having instructions stored thereon which, when executed by the respective programmable IO device, cause the programmable IO device to perform operations. These operations comprise: receiving, from an inbound interface, a packet comprising packet data for at least one range-based element; determining, via the MPU, a lookup result by performing a modified binary search on an interval binary search tree with the packet data to determine a longest prefix match (LPM), wherein the interval binary search tree maps the at least one range-based element to an associated data element; and classifying the packet based on the lookup result.