US 11,856,031 B2
Scalable network processing segmentation
Adam James Sweeney, San Jose, CA (US)
Assigned to Arista Networks, Inc., Santa Clara, CA (US)
Filed by Arista Networks, Inc., Santa Clara, CA (US)
Filed on Nov. 8, 2022, as Appl. No. 18/053,499.
Application 18/053,499 is a continuation of application No. 16/898,020, filed on Jun. 10, 2020, granted, now 11,522,917.
Prior Publication US 2023/0069318 A1, Mar. 2, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 45/748 (2022.01); H04L 45/00 (2022.01); H04L 45/745 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 45/34 (2013.01); H04L 45/748 (2013.01); H04L 45/74591 (2022.05); H04L 63/101 (2013.01)] 19 Claims
OG exemplary drawing
 
9. A system for programming a consolidated security segment table in a dedicated content-addressable memory (CAM) of a network device, the system comprising:
at least one processor; and
at least one non-transitory computer-readable medium storing computer executable instructions that when executed by the at least one processor cause the system to:
provide a first IP address table having a first set of internet protocol (IP) addresses associated with a first security segment;
provide a second IP address table having a second set of IP addresses associated with a second security segment;
provide a network policy table having a plurality of entries, wherein each entry has a forwarding policy decision and a protocol associated with a source IP address and a destination IP address; and
combine the first IP address table, the second IP address table, and the network policy table into the consolidated security segment table,
wherein the consolidated security segment table comprises the forwarding policy decision and the protocol associated with a source security segment and a destination security segment,
wherein the consolidated security segment table requires fewer entries and less memory than required by the first IP address table, the second IP address table, and the network policy table.