| CPC H04L 63/20 (2013.01) [H04L 45/34 (2013.01); H04L 45/748 (2013.01); H04L 45/74591 (2022.05); H04L 63/101 (2013.01)] | 19 Claims |
|
9. A system for programming a consolidated security segment table in a dedicated content-addressable memory (CAM) of a network device, the system comprising:
at least one processor; and
at least one non-transitory computer-readable medium storing computer executable instructions that when executed by the at least one processor cause the system to:
provide a first IP address table having a first set of internet protocol (IP) addresses associated with a first security segment;
provide a second IP address table having a second set of IP addresses associated with a second security segment;
provide a network policy table having a plurality of entries, wherein each entry has a forwarding policy decision and a protocol associated with a source IP address and a destination IP address; and
combine the first IP address table, the second IP address table, and the network policy table into the consolidated security segment table,
wherein the consolidated security segment table comprises the forwarding policy decision and the protocol associated with a source security segment and a destination security segment,
wherein the consolidated security segment table requires fewer entries and less memory than required by the first IP address table, the second IP address table, and the network policy table.
|