Hardware implementation of complex firewalls using chaining technique

Assignee

• Juniper Networks, Inc. · US

Inventors

• Venkatasubramanian Swaminathan · San Jose, US
• Deepak Goel · San Jose, US
• Jianhui Huang · Beijing, CN
• John Keen · Mountain View, US
• Jean-Marc Frailong · Los Altos Hills, US
• Srinivasan Jagannadhan · Sunnyvale, US
• Srilakshmi Adusumalli · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0209
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A firewall device may include a forwarding component that includes a filter block. The filter block may obtain a first hardware-implemented filter, where a hardware implementation limits the first hardware-implemented filter to a maximum quantity of rules; determine whether a last rule associated with the accessed hardware-implemented filter includes a split-filter action, where the split-filter action identifies a second hardware-implemented filter; and link the second hardware-implemented filter to the first hardware-implemented filter to make the second hardware-implemented filter a logical continuation of the first hardware-implemented filter, in response to determining that the last rule includes the split-filter action. The filter block may further determine whether a particular rule of the first hardware-implemented filter includes a next-filter action, where the next filter action identifies a third hardware-implemented filter; and process the third hardware-implemented filter independently of the sequence of hardware attachment points.