Abstract:
The invention provides for hardware processing of ACLs and thus hardware enforcement of access control. A sequence of access control specifiers from an ACL is recorded in a CAM, and information from the packet header is used to attempt to match selected source and destination IP addresses or subnets, ports, and protocols, against all the ACL specifiers at once. Successful matches are input to a priority selector, which selects the match with the highest priority (that is, the match that is first in the sequence of access control specifiers). The specified result of the selected match is used to permit or deny access for the packet without need for software processing, preferably at a rate comparable to wirespeed. The CAM includes an ordered sequence of entries, each of which has an array of ternary elements for matching “0”, “1”, or any value, and each of which generates a match signal. The ACL entered for recording in the CAM can be optimized to reduce the number of separate entries in the CAM, such as by combining entries which are each special cases of a more general access control specifier. A router including the CAM can also include preprocessing circuits for certain range comparisons which have been found both to be particularly common and to be otherwise inefficiently represented by the ternary nature of the CAM, such as comparisons of the port number against known special cases such as “greater than 1023” or “within the range 6000 to 6500”.
Abstract:
The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied based on actual network traffic loading and congestion encountered. The invention also teaches an enhanced datagram packet switched computer network which can selectively control flows of datagram packets entering the network and traveling between network nodes. This new network access control method also interoperates with existing media access control protocols, such as used in the Ethernet or 802.3 local area network. An aspect of the invention is that it does not require any changes to existing network protocols or network applications.
Abstract:
A method for cooling electronic equipment. The method includes propagating air through a first electronic component of the electronic equipment into a first enclosed area, where propagating the air through the first electronic component cools the first electronic component, circulating a refrigerant in a cooling loop, where the cooling loop comprises a heat exchanger, and propagating the air out of the first enclosed area by passing through the heat exchanger into a second enclosed area, where the air is cooled by passing through the heat exchanger.
Abstract:
A rackmount server has dual-redundant hot-swappable fans for uniformly providing air flow to a plurality of CPU modules housed in the rackmount server. Air flow generated by the fans may also be provided to I/O circuitry disposed in the rackmount server. An airflow zone in which air flow is provided by the fans is separate, however, from an airflow zone in which air flow is provided to at least one power supply and/or disk drive housed in the rackmount server.
Abstract:
A rackmount storage server has a printed circuit board (PCB) having connectors for connecting with a plurality of top-loading storage devices. A controller assembly having a PCI expansion slot is arranged to operatively connect to the passive backplane from a rear side of the PCB. Further, the rackmount storage server has a redundant cooling unit for facilitating air flow in an interior region of the rackmount storage server. Further, the rackmount storage server may have an integrated battery for saving power for use in case of, for example, a power failure.
Abstract:
Provided is a 10/100Base-T MAC to PHY interface requiring only two wires (pins) per port, with two additional global wires: a clock wire (pin), and a synchronization wire (pin). This reduction in the number of pins associated with each port is achieved by time-division multiplexing wherein each time-division multiplexed wire combines a plurality of definitions from the conventional 100Base-T interface specified by IEEE 802.3u (clause 22). As a result, each port has its own pair of associated time-division multiplexed wires (pins) and the addition of each port simply requires two additional wires. According to a preferred embodiment of the present invention, information normally transferred on sixteen wires in a conventional 100Base-T interface at 25 MHz is time-division multiplexed onto two wires (corresponding to two pins) that transfer data at 125 MHz, five times the speed of conventional interfaces. Importantly, this multiplexing is done on a port by port basis. Therefore, the number of pins required for a MAC to transceiver interface is two times the number of ports plus two instead of sixteen times the number of ports, and the addition of each additional port requires only two more wires (pins).
Abstract:
A high speed communications interface divides data into a plurality of lanes, each lane encoded with clocking information, serialized, and sent to an interface. During cycles when there is no available data to send, IDLE_EVEN and IDLE_ODD cells are sent on alternating cycles. Data is transmitted by sending a header which spans all lanes and includes a START symbol. The final data transaction includes a Frame Check Sequence (FCS) which operates over the entire header and data. The packet is terminated by an END symbol, which is sent after the final data, and the remainder of the lanes are padded with IDLE_EVEN, IDLE_ODD, IDLE_EVEN_BUSY, or IDLE_ODD_BUSY cycles. The interface has a variable clock rate.
Abstract:
An apparatus and method for performing logical operations on information in the communications protocol stack, such as the transport layer (L4) port numbers, characterizing a received packet or frame of data in a data communications device such as a router or switch. The results of the logical operations, along with other packet/frame-identifying data, are used to generate a more efficient lookup key. A content addressable memory (CAM) lookup is used to determine the action indicated by the rules defined by a rule-based routing or switching scheme, such as an access control list (ACL). The results of these logical operations extend the key space and thus provide a finer-grained match between the original, unextended input key and a rule action, thereby pointing to a rule action precisely tailored to packet processing. The rule can thus be applied with fewer CAM entries, providing the versatility improvement and CAM cost reduction necessary to keep up with the ever-increasing rule complexity requirements of advanced data communication and internetworking systems. An embodiment utilizing asymmetrical processing of packets, depending on whether the packet is inbound to the data communications device or outbound from it, is also disclosed. Furthermore, a ternary content-addressable memory (TCAM) implementation is disclosed. Use of a TCAM for ACL or other rule lookups further enhances the efficiency of rule processing by providing a masking capability for each TCAM entry which can be used to provide an additional level of flexibility for rule element checking.