公开(公告)号：US07933269B2

公开(公告)日：2011-04-26

申请号：US11849352

申请日：2007-09-03

申请人： Joseph Cheng ,  Zahid Hussain ,  Tim Millet

发明人： Joseph Cheng ,  Zahid Hussain ,  Tim Millet

IPC分类号： H04L12/28 ,  H04L12/56 ,  G06F15/173

CPC分类号： H04L45/16 ,  H04L12/18 ,  H04L12/1886 ,  H04L45/38 ,  H04L45/586 ,  H04L45/60 ,  H04L45/745 ,  H04L47/10 ,  H04L49/201 ,  H04L69/22 ,  H04L2012/6489

摘要： Methods and systems are provided for hardware-accelerated packet multicasting in a virtual routing system. According to one embodiment, a multicast packet is received at an ingress system of a packet-forwarding engine (PFE). The ingress system identifies flow classification indices for the multicast packet. Then, for each instance of multicasting, the ingress system sends a single copy of the multicast packet and the flow classification indices to an egress system of the PFE. The single copy of the multicast packet is buffered in a memory accessible by the egress system. The egress system prepares the multicast packet for transmission by for each flow classification index, identifying corresponding transform control instructions based on the flow classification index, reading the single copy of the multicast packet from the memory, causing the multicast packet to be transformed in accordance with the identified transform control instructions and outputting the transformed multicast packet.

摘要翻译： 为虚拟路由系统中的硬件加速分组多播提供了方法和系统。 根据一个实施例，在分组转发引擎（PFE）的入口系统处接收组播分组。 入口系统识别组播数据包的流分类索引。 然后，对于每个组播实例，入口系统向组播的出口系统发送组播数据包的单个副本和流分类索引。 组播数据包的单个副本被缓存在出口系统可访问的存储器中。 出口系统通过每个流分类索引准备传输的组播数据包，根据流分类索引识别相应的变换控制指令，从存储器读取组播数据包的单一副本，使组播数据包根据 所识别的变换控制指令并输出转换的多播分组。

公开(公告)号：US20070291755A1

公开(公告)日：2007-12-20

申请号：US11849352

申请日：2007-09-03

申请人： Joseph Cheng ,  Zahid Hussain ,  Tim Millet

发明人： Joseph Cheng ,  Zahid Hussain ,  Tim Millet

IPC分类号： H04L12/28

CPC分类号： H04L45/16 ,  H04L12/18 ,  H04L12/1886 ,  H04L45/38 ,  H04L45/586 ,  H04L45/60 ,  H04L45/745 ,  H04L47/10 ,  H04L49/201 ,  H04L69/22 ,  H04L2012/6489

摘要： Methods and systems are provided for hardware-accelerated packet multicasting in a virtual routing system. According to one embodiment, a multicast packet is received at an ingress system of a packet-forwarding engine (PFE). The ingress system identifies flow classification indices for the multicast packet. Then, for each instance of multicasting, the ingress system sends a single copy of the multicast packet and the flow classification indices to an egress system of the PFE. The single copy of the multicast packet is buffered in a memory accessible by the egress system. The egress system prepares the multicast packet for transmission by for each flow classification index, identifying corresponding transform control instructions based on the flow classification index, reading the single copy of the multicast packet from the memory, causing the multicast packet to be transformed in accordance with the identified transform control instructions and outputting the transformed multicast packet.

摘要翻译： 为虚拟路由系统中的硬件加速分组多播提供了方法和系统。 根据一个实施例，在分组转发引擎（PFE）的入口系统处接收组播分组。 入口系统识别组播数据包的流分类索引。 然后，对于每个组播实例，入口系统向组播的出口系统发送组播数据包的单个副本和流分类索引。 组播数据包的单个副本被缓存在出口系统可访问的存储器中。 出口系统通过每个流分类索引准备传输的组播数据包，根据流分类索引识别相应的变换控制指令，从存储器读取组播数据包的单一副本，使组播数据包根据 所识别的变换控制指令并输出转换的多播分组。

公开(公告)号：US20070127382A1

公开(公告)日：2007-06-07

申请号：US11671462

申请日：2007-02-05

申请人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Gregory Lockwood ,  Tim Millet

发明人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Gregory Lockwood ,  Tim Millet

IPC分类号： H04J1/16

CPC分类号： H04L45/00 ,  H04L45/586 ,  H04L45/742 ,  H04L49/252 ,  H04L49/505 ,  H04L49/70

摘要： Methods and systems are provided for routing traffic through a virtual router-based network switch. According to one embodiment, a method for routing packets in a router includes establishing a flow data structure, which identifies a packet flow through a virtual router in the router. When a packet is received, a comparison is performed between a subset of at least one packet header associated with the packet and a subset of the flow data structure. If the subset of the packet header matches the subset of the flow data structure, then the packet can be hardware accelerated to a network interface. Otherwise, the packet may be either dropped or forwarded to a general purpose processor for processing.

摘要翻译： 提供了方法和系统，用于通过基于虚拟路由器的网络交换机路由流量。 根据一个实施例，用于在路由器中路由分组的方法包括建立流数据结构，其识别路由器中的虚拟路由器的分组流。 当接收到分组时，在与分组相关联的至少一个分组报头的子集与流数据结构的子集之间执行比较。 如果分组报头的子集与流数据结构的子集匹配，则该分组可以被硬件加速到网络接口。 否则，可以将分组丢弃或转发到通用处理器进行处理。

公开(公告)号：US07161904B2

公开(公告)日：2007-01-09

申请号：US10163162

申请日：2002-06-04

申请人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

发明人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

IPC分类号： H04L12/26 ,  H04J1/00 ,  G08C15/00 ,  G06F11/00 ,  G01R31/08

CPC分类号： H04L45/60 ,  H04L43/026 ,  H04L43/0829 ,  H04L43/0894 ,  H04L45/586 ,  H04L47/10 ,  H04L47/11

摘要： A virtual routing platform includes a line interface a plurality of virtual routing engines (VREs) to identify packets of different packet flows and perform a hierarchy of metering including at least first and second levels of metering on the packet flows. A first level of metering may be performed on packets of a first packet flow using a first metering control block (MCB). The first level of metering may be one level of metering in a hierarchy of metering levels. A second level of metering on the packets of the first packet flow and packets of a second flow using a second MCB. The second level of metering may be another level of metering in the hierarchy. A cache-lock may be placed on the appropriate MCB prior to performing the level of metering. The first and second MCBs may be data structures stored in a shared memory of the virtual routing platform. The cache-lock may be released after performing the level of metering using the MCB. The cache-lock may comprise setting a lock-bit of a cache line index in a cache tag store, which may identify a MCB in the cache memory. The virtual routing platform may be a multiprocessor system utilizing a shared memory having a first and second processors to perform levels of metering in parallel. In one embodiment, a virtual routing engine may be shared by a plurality of virtual router contexts running in a memory system of a CPU of the virtual routing engine. In this embodiment, the first packet flow may be associated with one virtual router context and the second packet flow is associated with a second virtual router context. The first and second routing contexts may be of a plurality of virtual router contexts resident in the virtual routing engine.

摘要翻译： 虚拟路由平台包括线路接口，多个虚拟路由引擎（VRE），用于识别不同分组流的分组，并且执行测量层次，其包括在分组流上的至少第一和第二计量级别。 可以使用第一计量控制块（MCB）对第一分组流的分组执行第一级测量。 计量的第一级可以是计量级别的一个层次中的一个计量级别。 使用第二MCB对第一分组流的分组和第二流的分组进行第二级计量。 第二级计量可能是层次结构中的另一个计量级别。 在执行测量级别之前，可以将缓存锁定放置在适当的MCB上。 第一和第二MCB可以是存储在虚拟路由平台的共享存储器中的数据结构。 使用MCB执行测光程序后，缓存锁可能会被释放。 高速缓存锁定可以包括在高速缓存标签存储器中设置高速缓存行索引的锁定位，高速缓存标签存储器可以标识高速缓冲存储器中的MCB。 虚拟路由平台可以是利用具有第一和第二处理器的共享存储器并行地执行计量水平的多处理器系统。 在一个实施例中，虚拟路由引擎可以由在虚拟路由引擎的CPU的存储器系统中运行的多个虚拟路由器上下文共享。 在该实施例中，第一分组流可以与一个虚拟路由器上下文相关联，并且第二分组流与第二虚拟路由器上下文相关联。 第一和第二路由上下文可以是驻留在虚拟路由引擎中的多个虚拟路由器上下文。

公开(公告)号：US08848718B2

公开(公告)日：2014-09-30

申请号：US12467609

申请日：2009-05-18

申请人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

发明人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

IPC分类号： H04L12/28 ,  H04L12/66 ,  G06F15/173

CPC分类号： H04L45/60 ,  H04L43/026 ,  H04L43/0829 ,  H04L43/0894 ,  H04L45/586 ,  H04L47/10 ,  H04L47/11

摘要： Methods and systems are provided for applying metering and rate-limiting in a virtual router environment and supporting a hierarchy of metering/rate-limiting contexts per packet flow. According to one embodiment, multiple first level metering options and multiple second level metering options associated with a hierarchy of metering levels are provided. A virtual routing engine receives packets associated with a first packet flow and packets associated with a second packet flow. The virtual routing engine performs a first type of metering of the first level metering options on the packets associated with the first packet flow using a first metering control block (MCB) and performs a second type of metering of the second level metering options on the packets associated with the first packet flow and the packets associated with the second packet flow using a second MCB.

摘要翻译： 提供了方法和系统，用于在虚拟路由器环境中应用计量和速率限制，并支持每个数据包流的计量/速率限制上下文的层次。 根据一个实施例，提供与测量级别的层级相关联的多个第一级计量选项和多个第二级计量选项。 虚拟路由引擎接收与第一分组流相关联的分组以及与第二分组流相关联的分组。 虚拟路由引擎使用第一计量控制块（MCB）执行与第一分组流相关联的分组上的第一级计量选项的第一类型的测量，并且对分组执行第二级计量选项的第二类型的测量 使用第二MCB与第一分组流和与第二分组流相关联的分组相关联。

公开(公告)号：US08064462B2

公开(公告)日：2011-11-22

申请号：US12781808

申请日：2010-05-17

申请人： Zahid Hussain ,  Tim Millet

发明人： Zahid Hussain ,  Tim Millet

IPC分类号： H04L12/28 ,  H04L12/50 ,  H04Q11/00 ,  G06F15/173

CPC分类号： H04L47/2441 ,  H04L45/00 ,  H04L45/20 ,  H04L45/586 ,  H04L45/60 ,  H04L47/10 ,  H04L47/125 ,  H04L47/2408 ,  H04L47/2491 ,  H04L47/326 ,  H04L47/50 ,  H04L47/6215 ,  H04L47/623 ,  H04L49/70 ,  H04L61/2503 ,  H04L61/6004 ,  H04L63/02 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/062 ,  H04L63/101 ,  H04L63/164 ,  H04L69/22 ,  H04L69/24

摘要： Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a system includes a switch fabric and a line interface/network module, multiple virtual routing engines (VREs) and a virtual services engine (VSE) coupled with the switch fabric. The line interface/network module receives packets, steers ingress packets to a selected VRE and transmits egress packets according to their relative priority. VREs determines if a packet associated with a packet flow requires processing by the VSE by performing flow-based packet classification on the packet and evaluating forwarding state information associated with previously stored flow learning results. The VSE includes a central processing unit configured to perform firewall processing, Uniform Resource Locator (URL) filtering and anti-virus processing. If the packet is determined to require processing by the VSE, then the packet is steered to the VSE for firewall, URL filtering and/or anti-virus processing.

摘要翻译： 提供了以集成方式提供IP服务的方法和系统。 根据一个实施例，系统包括交换结构和线路接口/网络模块，多个虚拟路由引擎（VRE）和与交换结构耦合的虚拟服务引擎（VSE）。 线路接口/网络模块接收分组，将入口分组引导到所选择的VRE，并根据其相对优先级发送出口分组。 VRE确定与分组流相关联的分组是否需要通过在分组上执行基于流的分组分类并且评估与先前存储的流学习结果相关联的转发状态信息来由VSE进行处理。 VSE包括配置为执行防火墙处理，统一资源定位符（URL）过滤和防病毒处理的中央处理单元。 如果分组被确定为需要由VSE进行处理，则该分组被引导到用于防火墙，URL过滤和/或防病毒处理的VSE。

公开(公告)号：US07668087B2

公开(公告)日：2010-02-23

申请号：US11621102

申请日：2007-01-08

申请人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

发明人： Zahid Hussain ,  Sachin Desai ,  Naveed Alam ,  Joseph Cheng ,  Tim Millet

IPC分类号： H04L12/26 ,  H04J1/00 ,  G08C15/00 ,  G06F11/00 ,  G01R31/08

CPC分类号： H04L45/60 ,  H04L43/026 ,  H04L43/0829 ,  H04L43/0894 ,  H04L45/586 ,  H04L47/10 ,  H04L47/11

摘要： Methods and systems are provided for applying metering and rate-limiting in a virtual router environment and supporting a hierarchy of metering/rate-limiting contexts per packet flow. According to one embodiment, multiple first level metering options and multiple second level metering options associated with a hierarchy of metering levels are provided. A virtual routing engine receives packets associated with a first packet flow and packets associated with a second packet flow. The virtual routing engine performs a first type of metering of the first level metering options on the packets associated with the first packet flow using a first metering control block (MCB) and performs a second type of metering of the second level metering options on the packets associated with the first packet flow and the packets associated with the second flow using a second MCB.

摘要翻译： 提供了方法和系统，用于在虚拟路由器环境中应用计量和速率限制，并支持每个数据包流的计量/速率限制上下文的层次。 根据一个实施例，提供与测量级别的层级相关联的多个第一级计量选项和多个第二级计量选项。 虚拟路由引擎接收与第一分组流相关联的分组以及与第二分组流相关联的分组。 虚拟路由引擎使用第一计量控制块（MCB）执行与第一分组流相关联的分组上的第一级计量选项的第一类型的测量，并且对分组执行第二级计量选项的第二类型的测量 使用第二MCB与第一分组流和与第二流相关联的分组相关联。

公开(公告)号：US07522604B2

公开(公告)日：2009-04-21

申请号：US11671462

申请日：2007-02-05

申请人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Greg Lockwood ,  Tim Millet

发明人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Greg Lockwood ,  Tim Millet

IPC分类号： H04L12/28

CPC分类号： H04L45/00 ,  H04L45/586 ,  H04L45/742 ,  H04L49/252 ,  H04L49/505 ,  H04L49/70

摘要： Methods and systems are provided for routing traffic through a virtual router-based network switch. According to one embodiment, a method for routing packets in a router includes establishing a flow data structure, which identifies a packet flow through a virtual router in the router. When a packet is received, a comparison is performed between a subset of at least one packet header associated with the packet and a subset of the flow data structure. If the subset of the packet header matches the subset of the flow data structure, then the packet can be hardware accelerated to a network interface. Otherwise, the packet may be either dropped or forwarded to a general purpose processor for processing.

摘要翻译： 提供了方法和系统，用于通过基于虚拟路由器的网络交换机路由流量。 根据一个实施例，用于在路由器中路由分组的方法包括建立流数据结构，其识别路由器中的虚拟路由器的分组流。 当接收到分组时，在与分组相关联的至少一个分组报头的子集与流数据结构的子集之间执行比较。 如果分组报头的子集与流数据结构的子集匹配，则该分组可以被硬件加速到网络接口。 否则，可以将分组丢弃或转发到通用处理器进行处理。

公开(公告)号：US20090073977A1

公开(公告)日：2009-03-19

申请号：US12260524

申请日：2008-10-29

申请人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Gregory Lockwood ,  Tim Millet

发明人： Zahid Hussain ,  Samir Jain ,  Naveed Alam ,  Joseph Cheng ,  Gregory Lockwood ,  Tim Millet

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L45/586 ,  H04L45/742 ,  H04L49/252 ,  H04L49/505 ,  H04L49/70

摘要： Methods and systems are provided for routing traffic through a virtual router-based network switch. According to one embodiment, a flow data structure is established that identifies current packet flows associated with multiple virtual routers in the virtual router-based network device. When an incoming packet is received by the virtual router-based network device, it is then determined whether the incoming packet is associated with a current packet flow by accessing the flow data structure based on a header associated with the incoming packet. If it is determined that the incoming packet is associated with the current packet flow, then the incoming packet is hardware forwarded via a network interface of the virtual router-based network device without intervention by a processor of the virtual router-based network device, otherwise the incoming packet is forwarded to software on the processor for flow learning.

摘要翻译： 提供了方法和系统，用于通过基于虚拟路由器的网络交换机路由流量。 根据一个实施例，建立流数据结构，其识别与基于虚拟路由器的网络设备中的多个虚拟路由器相关联的当前分组流。 当基于虚拟路由器的网络设备接收到传入分组时，通过基于与输入分组相关联的报头访问流数据结构来确定输入分组是否与当前分组流相关联。 如果确定进入的分组与当前分组流相关联，则进入的分组是经由基于虚拟路由器的网络设备的网络接口的硬件转发的，而不是由基于虚拟路由器的网络设备的处理器进行干预 传入的分组被转发到处理器上的软件用于流学习。

公开(公告)号：US20070147368A1

公开(公告)日：2007-06-28

申请号：US11684614

申请日：2007-03-10

申请人： Sachin Desai ,  Tim Millet ,  Zahid Hussain ,  Paul Kim ,  Louise Yeung ,  Ken Yeung

发明人： Sachin Desai ,  Tim Millet ,  Zahid Hussain ,  Paul Kim ,  Louise Yeung ,  Ken Yeung

IPC分类号： H04L12/56

CPC分类号： H04L47/22 ,  H04L12/4625 ,  H04L47/10 ,  H04L47/2441 ,  H04L47/2491 ,  H04L49/254 ,  H04L49/30 ,  H04L49/65

摘要： Methods and systems are provided for steering network packets. According to one embodiment, a mapping associates a processing resource with a network interface module (netmod) and/or a number of line interface ports included within the netmod. In one embodiment, the mapping is configurable within the processing resource and pushed to the netmod. The netmod uses the mapping to steer network packets to the processing resource when the packets conform to the mapping. The mapping may be additionally used to identify a specific process that is to be performed against the packets once the processing resource receives the steered packets from the netmod.

摘要翻译： 提供了用于转向网络数据包的方法和系统。 根据一个实施例，映射将处理资源与网络接口模块（netmod）和/或包括在netmod内的多个线路接口端口相关联。 在一个实施例中，映射可在处理资源内配置并被推送到netmod。 当数据包符合映射时，netmod使用映射来将网络数据包引导到处理资源。 一旦处理资源接收到来自netmod的转向分组，该映射可以另外用于标识将针对分组执行的特定进程。