| 发明名称 |
Multiple inspection avoidance (MIA) using a protection scope |
| 摘要 |
A multiple inspection avoidance (MIA) technique is implemented in a virtualized environment. Preferably, the technique is implemented in a packet processing unit (PPU) and takes advantage of a protection scope determined in an automated manner. The protection scope may be MAC-based. The MIA technique ensures that the same packet is not inspected more than once by a same packet processing unit (PPU), and that the same packet is not inspected more than once by different PPUs. According to this disclosure, when a PPU implementing MIA receives a packet, it uses the protection scope to determine whether it needs to process the packet. Preferably, the determination of whether to process the packet depends on the source and destination addresses in the packet, whether those addresses are being protected by the PPU that receives the packet, the direction of the packet flow, and optionally one or more packet processing rules. |
| 申请公布号 |
US2014310796(A1) |
申请公布日期 |
2014.10.16 |
| 申请号 |
US201313861010 |
申请日期 |
2013.04.11 |
| 申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
Lee Cheng-Ta;Douglass Jeffrey Lawrence;Sachdev Deepti |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method of multiple packet inspection avoidance for a virtual network, the method being implemented in association with a packet inspection engine, comprising:
receiving data defining a protection scope; receiving a data packet, the data packet including source and destination address information; determining, using the protection scope and the source and destination address information, whether to inspect the data packet by the packet inspection engine; and based on the determination, taking a given action, the given action being one of: inspecting the data packet by the packet inspection engine, and bypassing inspection of the data packet. |
| 地址 |
Armonk NY US |
