Abstract: A security device for processing network flows includes packet processing cards with packet processors formed thereon where each packet processing card stores local counter values for one or more events and a packet processing manager including global event counters to maintain event statistics for events in the security device. In one embodiment, the packet processing manager stores a copy of the local counter value of an event for each packet processor reporting the event in the counter memory and the global event counter provides a global counter sum value for the event by summing the copies of local counter values in the local memory. In another embodiment, the global counter sum is compared to a threshold value to put the event in a conforming state or non-conforming state. The packet processing manager sends a multicast message to the interested packet processors indicating an event has transitioned to a non-conforming state.

Abstract: A security device for processing network flows includes one or more packet processors configured to receive incoming data packets associated with one or more network flows where a packet processor is assigned as an owner of one or more network flows and each packet processor processes data packets associated with flows for which it is the assigned owner; and a packet processing manager configured to assign ownership of network flows to the one or more packet processors where the packet processing manager includes a global flow table containing entries mapping network flows to packet processor ownership assignments. The packet processing manager informs a packet processor of an ownership assignment after one or more packets are received, and the one or more packet processors learns of ownership assignments of network flows from the packet processing manager.

Abstract: A security device for processing network flows is described, including: one or more packet processors configured to receive incoming data packets associated with network flows where a packet processor is assigned as an owner of network flows and each packet processor processes data packets associated with flows for which it is the assigned owner; and a packet processing manager configured to assign ownership of network flows to the packet processors where the packet processing manager includes a global flow table containing global flow table entries mapping network flows to packet processor ownership assignments and a predict flow table containing predict flow entries mapping predicted network flows to packet processor ownership assignments. A predict flow entry includes a predict key and associated packet processor ownership assignment. The predict key includes multiple data fields identifying a predicted network flow where one or more of the data fields have a wildcard value.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing network devices. A central management system stores shared configuration objects in a central configuration database. A network device stores shared configuration objects and device-specific configuration objects in a local configuration database. The local configuration database's shared configuration objects correspond to shared configuration objects in the central configuration database. The network device can be configured locally or using the central management system.