Offloading communication security operations to a network interface controller

    Publication (Announcement) No.: US10958627B2

    Publication (Announcement) Date: 2021-03-23

    Application No.: US16858874

    Filing Date: 2020-04-27

    Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

    Fast Detection and Retransmission of Dropped Last Packet in a Flow

    Publication (Announcement) No.: US20190132085A1

    Publication (Announcement) Date: 2019-05-02

    Application No.: US15796803

    Filing Date: 2017-10-29

    Abstract: A network element processes a data flow in accordance with a communications protocol in which respective incremental sequence numbers are assigned to segments of the data flow. The segments are sent from the network element to the other network element in order of the sequence numbers, and respective acknowledgements are received from the other network element. The acknowledgements may include the highest sequence number of the segments of the flow that were received in the other network element. After transmitting the last segment of the data flow an additional segment is sent to the other network element. When it is determined from an acknowledgement of the additional segment that the last segment of the data flow was not received by the other network element, the last segment is retransmitted.

    Address translation services for direct accessing of local memory over a network fabric

    Publication (Announcement) No.: US10031857B2

    Publication (Announcement) Date: 2018-07-24

    Application No.: US14953462

    Filing Date: 2015-11-30

    Abstract: A method in a system that includes first and second devices that communicate with one another over a fabric that operates in accordance with a fabric address space, and in which the second device accesses a local memory via a local connection and not over the fabric, includes sending from the first device to a translation agent (TA) a translation request that specifies an untranslated address in an address space according to which the first device operates, for directly accessing the local memory of the second device. A translation response that specifies a respective translated address in the fabric address space, which the first device is to use instead of the untranslated address is received by the first device. The local memory of the second device is directly accessed by the first device over the fabric by converting the untranslated address to the translated address.

    Access control in peer-to-peer transactions over a peripheral component bus
    Invention application, status: pending (published)

    Publication (Announcement) No.: US20170017609A1

    Publication (Announcement) Date: 2017-01-19

    Application No.: US15202590

    Filing Date: 2016-07-06

    Abstract: Computing apparatus includes a central processing unit (CPU), which is configured to run concurrently multiple virtual machines, including at least first and second virtual machines. A peripheral component bus is connected to communicate with the CPU. Multiple peripheral devices are connected to communicate via the bus with the CPU and with others of the peripheral devices, including at least first and second peripheral devices that are each respectively partitioned into at least first and second functional entities, which are respectively assigned to serve the at least first and second virtual machines. Access control logic is configured to forward peer-to-peer communications initiated by the functional entities between the peripheral devices over the bus while inhibiting access in the peer-to-peer communications between the functional entities that are assigned to different ones of the virtual machines.


    Cryptographic data communication apparatus

    Publication (Announcement) No.: US11558175B2

    Publication (Announcement) Date: 2023-01-17

    Application No.: US17233591

    Filing Date: 2021-04-19

    Abstract: In one embodiment, data communication apparatus includes a network interface for connection to a network and configured to receive a sequence of data packets from a remote device over the network, the sequence including data blocks, ones of the data blocks having block boundaries that are not aligned with payload boundaries of the packets, and packet processing circuitry to cryptographically process the data blocks using a block cipher so as to write corresponding cryptographically processed data blocks to a memory, while holding segments of respective ones of the received data blocks in the memory, such that the packet processing circuitry stores a first segment of a data block of a first packet in the memory until a second packet is received, and then cryptographically processes the first and second segments together so as to write a corresponding cryptographically processed data block to the memory.

    Offloading communication security operations to a network interface controller

    Publication (Announcement) No.: US20200259803A1

    Publication (Announcement) Date: 2020-08-13

    Application No.: US16858874

    Filing Date: 2020-04-27

    Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

    Selective acknowledgement of RDMA packets

    Publication (Announcement) No.: US10430374B2

    Publication (Announcement) Date: 2019-10-01

    Application No.: US15196088

    Filing Date: 2016-06-29

    Abstract: A method for data transfer includes transmitting a sequence of data packets, including at least a first packet and a second packet transmitted subsequently to the first packet, from a first computer over a network to a second computer in a single remote direct memory access (RDMA) data transfer transaction. Upon receipt of the second packet at the second computer without previously having received the first packet, a negative acknowledgment (NAK) packet is sent from the second computer over the network to the first computer, indicating that the first packet was not received. In response to the NAK packet, the first packet is retransmitted from the first computer to the second computer without retransmitting the second packet.

    Computational accelerator for packet payload operations

    Publication (Announcement) No.: US20190116127A1

    Publication (Announcement) Date: 2019-04-18

    Application No.: US16159767

    Filing Date: 2018-10-15

    Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.

    Enforcing transaction order in peer-to-peer interactions

    Publication (Announcement) No.: US10248610B2

    Publication (Announcement) Date: 2019-04-02

    Application No.: US15177348

    Filing Date: 2016-06-09

    Abstract: A method for computing includes submitting a first command from a central processing unit (CPU) to a first peripheral device in a computer to write data in a first bus transaction over a peripheral component bus in the computer to a second peripheral device in the computer. A second command is submitted from the CPU to one of the first and second peripheral devices to execute a second bus transaction, subsequent to the first bus transaction, that will flush the data from the peripheral component bus to the second peripheral device. The first and second bus transactions are executed in response to the first and second commands. Following completion of the second bus transaction, the second peripheral device processes the written data in.
