H04L45/748

Timestamp-based packet switching using a trie data structure

Systems and methods of network packet switching use a table representation of a trie data structure to identify a timestamp (TS) range (or time range) for a received packet based on the packet timestamp (TS). The trie data structure is programmed with a plurality of predetermined time ranges. Each node in the trie data structure corresponds to a TS prefix and is associated with a corresponding predetermined time range. A search engine in the network switch can use the packet TS as a key to traverse the trie data structure and thereby match the packet TS to a predetermined time range according to a Longest Prefix Match (LPM) process. Provided with the TS ranges of the incoming packets, various applications and logic engines in the network switch can process the packets accordingly, such as by determining a new destination IP address and performing a channel switch.

Avoiding markers for longest prefix match based on binary search tree algorithm

In one embodiment, a packet processing apparatus includes interfaces, a memory to store a representation of a routing table as a binary search tree of address prefixes, and store a marker with an embedded prefix including k marker bits providing a marker for an address prefix of a node corresponding to a prefix length greater than k, and n additional bits, such that the k marker bits concatenated with the n additional bits provide another address prefix, packet processing circuitry configured upon receiving a data packet having a destination address, to traverse the binary search tree to find a longest prefix match, compare a key with the k marker bits, extract an additional n bits from the destination address, and compare the extracted n bits with the n additional bits, and process the data packet in accordance with a forwarding action indicated by the longest prefix match.

MULTI-TENANT VIRTUAL PRIVATE NETWORK MICROSEGMENTATION
20230097517 · 2023-03-30

What is disclosed is tagging a first flow of a multi-tenant virtual private network (VPN) with a first tag. Continuously tracking, based on the first tag, the first flow of the multi-tenant VPN. Capturing one or more characteristics of the first flow of the multi-tenant VPN. Categorizing the first flow of the multi-tenant VPN based on the one or more characteristics of the first flow. Providing the categorization of the first flow to a first tenant of the multi-tenant VPN. Receiving, based on input from the first tenant and the categorization of the first flow, a first policy. Enforcing the first policy on the first flow based on the first tag of the first flow and the continuous tracking of the first flow.

ROUTING TABLE SELECTION BASED ON UTILIZATION
20230093144 · 2023-03-23

In some embodiments, a method sets a threshold for utilization of a first table, wherein the utilization is based on layer 3 addresses and layer 2 addresses being stored in the first table. When a utilization of the first table does not meet the threshold, the method stores a layer 3 address in the first table. The first table uses a first type of lookup to determine a next hop address for the layer 3 addresses or the layer 2 addresses, and the first table also stores one or more layer 2 addresses. When the utilization of the first table meets the threshold, the method stores the layer 3 address in a second table where the second table uses a second type of lookup to determine the next hop address for layer 3 addresses.

Efficient algorithm to eliminate redundant specific prefixes in forwarding information base using trie

A network element and method for programming a network element that includes detecting an update to a first route in a routing information base (RIB) is disclosed. The method includes locating a first route network prefix associated with the first route within a network prefix trie (NPT); determining that, prior to the update, a first parent network prefix and the first route network prefix were reachable using a pair of different next hops connected to the network element; and determining that, after the update, the first parent network prefix and the first route network prefix are reachable using a first common next hop connected to the network element. The method also includes removing an existing forwarding information base (FIB) entry in the FIB associated with the first route network prefix.

Managing prefix lists at edge devices

Managing prefix lists at edge devices can include detecting, at an edge device, a traffic flow that can include a packet that specifies a destination address. The edge device can measure a bandwidth associated with the traffic flow, identify a flow bandwidth threshold defined for the edge device, and determine if the bandwidth associated with the traffic flow satisfies the flow bandwidth threshold. If a determination is made that the bandwidth associated with the traffic flow satisfies the flow bandwidth threshold, the edge device can include the destination address in a prefix list stored at the edge device. If a determination is made that the bandwidth associated with the traffic flow does not satisfy the flow bandwidth threshold, the edge device can omit the destination address from the prefix list stored at the edge device.