Abstract:
A cascade system of network units includes forwarding units which have external ports, a communication fabric connecting the units and at least one processing unit which needs no forwarding database. The processing unit may perform a security operation such as intrusion prevention or encryption. Each forwarding unit on receipt of a packet performs a look-up to determine an egress port, to determine whether the packet must be diverted to a processing unit, to provide the packet with a first forwarding instruction identifying the egress port uniquely within the system and a second forwarding instruction identifying a diversion port by which the packet can reach the processing unit and to set an order field which determines which of the forwarding instructions shall be performed first. The processing unit is operative on receipt of the packet by way of the diversion port to change the order field to specify that the packet should now be sent to the egress port.
Abstract:
A network stack includes a plurality of network units each of which includes a multiplicity of ports for receiving and forwarding addressed data packets, at least two cascade ports and a switching engine for forwarding received packets to at least one port in accordance with address data in the packets and a cascade connection including, for each of two opposite directions around the stack, at least one unidirectional path for data packets composed of links each between a respective cascade port on a network unit and a corresponding cascade port on the next network unit.
Abstract:
A system of switch modules contains input demultiplexers connected to ports on each of the modules and output multiplexers connected to each of the modules. Each module has output and input interfaces for mesh links and at least one output interface is looped back to an input interface on the same module. The arrangement reduces module-to-module traffic and correspondingly increases the transmit bandwidth of a module.
Abstract:
A content addressable memory stores entries each comprising a rule and as part of the entry a mask identifying all the entities to which the rule is applicable. A search pattern of data and a bit mask identifying the actual entity (or entities) associated with the data is applied as a search word along with a comparison mask that excludes all the other entities from the comparison of the search word with the entry. The CAM can thereby store efficiently in a single entry a rule that may be applicable to some but not all of a multiplicity of entities such as possible ingress ports of a network unit.
Abstract:
A switching module has external ports for sending and receiving data packets and mesh interfaces for internal mesh connections with other modules. A switching engine directs packets to one or other of the mesh interfaces according to the port number of a ‘destination’ or egress port on another module, as determined by a lookup. The port numbers are programmable so that the distribution of traffic through the mesh connections can be modified.
Abstract:
Network units such as switches for use in a cascaded stack are organised to provide a cascade connection in the form of a dual unidirectional connection so that, in its ordinary configuration, there is at least one and preferably more than one unidirectional ring for each direction around the cascade, each ring including a respective port on each unit. For each ring, each port on a unit is connected by a respective link to a corresponding port on the preceding unit and the following unit. The units provide a self-healing operation in the event of various kinds of operational failure. The self-healing operation includes loop-back of packets in units adjacent the failure and bypass of a packet switching process for other units. The units include control logic for passing control frames containing status information relating to the units and links between them and for co-operation with a CPU to control a switching engine to perform the self-healing operation in accordance with that status information. The units forward on the cascade packets with headers that identify a destination port and the unit on which that port is located and also indicate which units have and have not been traversed by a packet.
Abstract:
A rules engine for the examination of selected fields in an addressed data packet, has an access control list table of which the entries each define an access control list rule, an action and a chain identifier. The access control list rule is a basic rule which refers to a TCP flow. The engine also has an extension rule table of which the entries each define an extension rule, a respective action and a respective rule identifier. The extension rule may refer to a particular flag in a TCP header. When a packet arrives the engine searches both tables. This search is made independently of the usual address lookup. If there is a match in both tables, and the chain identifier matches the extension rule identifier the engine prescribes the action associated with the extension rule. If the chain identifier of a matched access control list rule does not match a rule identifier of a matched extension rule the engine prescribes the action associated with the access control list rule. In the absence of a match with any access control list rule the action on a packet is based on the result from a lookup engine.
Abstract:
An apparatus including logic to receive a data packet comprising a string of characters, said apparatus having a plurality of states and at least one state for every character position in the string of characters; logic to examine the string of characters for matches with a plurality of predefined values, beginning with an initial character; and logic to execute forward exit transitions from any of the plurality of states based upon the examination of the characters, wherein a current state of the apparatus represents a count of a number of characters from the initial character of the string of characters.
Abstract:
A deterministic finite state machine organised for the detection of positionally significant matches of characters in a string of characters examines each character in turn to determine an exit transition for a current state of the machine to another state. The machine responds to an examination of the string of characters by executing in response to a first character at the commencement of the string a transition from an initial state to another state. The machine has at least one state for every character position, includes an exit transition from each state for each character to another state; and possesses only forward exit transitions each from any of the states whereby the current state of the machine unambiguously represents a count of the number of characters from the commencement of the string. The machine may include at least one match state which indicates that all character matches in the string required by at least one respective rule have been detected. Some but not all the states in the multiplicity of states each have a single exit transition for any value of a respective character in the string. At least some of the states in the multiplicity of states each define an exit transition to a state indicating ‘no match’. The machine may be disposed to cease its examination of the character string on attaining a ‘no match’ state.