Abstract:
Systems and methods for providing RDMA (remote direct memory access) read requests as a restricted feature in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, a plurality of host channel adapters, wherein each of the host channel adapters comprises at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes, including a plurality of virtual machines. The method can associate a host channel adapter with a selective RDMA restriction. The method can host a virtual machine of the plurality of virtual machines at the host channel adapter that comprises a selective RDMA restriction.
Abstract:
According to one or more embodiments, lookup, insertion, and deletion operations are allowed to continue during actions required for collision remediation. When relocation operations are used to resolve a collision, information encoded in header portions of the hash table entries that store the key-value pairs indicates when the associated key-value pairs are undergoing relocation. This information facilitates continued access to the RKVS during the relocation process by allowing other processes that access the RKVS to handle relocations without failure. Furthermore, when hash table expansion is needed in order to resolve a collision, a second, larger, hash table is allocated, and lookup operations continue on both the old hash table and the new hash table. One or more embodiments further prevent insertion, lookup, and deletion failures in the RKVS using flags, encoded in header information in hash table entries, that reflect the state of the respective key-value pairs in the store.
Abstract:
Systems and methods for using multiple CE (congestion experienced) flags in both FECN (forward explicit congestion notification) and BECN (backward explicit congestion notification) in a high performance computing environment. An exemplary method can provide a first subnet comprising a plurality of switches, a plurality of host channel adapters, and a plurality of end nodes. The method can receive, at an end node attached to a host channel adapter, an ingress packet from a remote end node, wherein the ingress packet traversed at least a portion of the first subnet prior to being received at the end node. The method can, on receiving the ingress packet, send a response message from the end node attached to the host channel adapter to the remote end node, the response message indicating that the ingress packet experienced congestion during the traversal of the at least a portion of the first subnet.
Abstract:
An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network without requiring a separate intermediary firewall appliance or security node.
Abstract:
Systems and methods for supporting target groups for congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, a plurality of host channel adapters, and a plurality of end nodes, including a plurality of virtual machines. The method can define a target group on one of an inter-switch link or at a port of a switch of the plurality of switches, wherein the target group defines a bandwidth limit on the at least one of an inter-switch link between two switches of the plurality of switches or at a port of a switch of the plurality of switches. The method can provide a target group repository stored in a memory of the host channel adapter where the defined target group in the target group repository is recorded.
Abstract:
Techniques are provided to allow more sophisticated operations to be performed remotely by machines that are not fully functional. Operations that can be performed reliably by a machine that has experienced a hardware and/or software error are referred to herein as Remote Direct Memory Operations or “RDMOs”. Unlike RDMAs, which typically involve trivially simple operations such as the retrieval of a single value from the memory of a remote machine, RDMOs may be arbitrarily complex. The techniques described herein can help applications run without interruption when there are software faults or glitches on a remote system with which they interact.
Abstract:
A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, and application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list. DoS attack prevention can also be performed based on consumer identities included in packets.
Abstract:
Described is an improved approach to implement an offline learning approach for machine learning that employs a window-based technique for predicting values within the window, and where outliers are identified and discarded from consideration. This approach efficiently permits offline learning to be employed in a manner that minimizes false positives, while also improving the quality of the data should retaining be required.