公开(公告)号：US12095882B2

公开(公告)日：2024-09-17

申请号：US18130733

申请日：2023-04-04

Applicant: Intel Corporation

Inventor： Daniel Daly ,  John Fastabend ,  Matthew Vick ,  Brian J. Skerry ,  Marco Varlese ,  Jing Mark Chen ,  Danny Y. Zhou

IPC: H04L67/561 ,  H04L49/00 ,  H04L69/22 ,  H04L69/324

CPC classification number: H04L67/561 ,  H04L49/70 ,  H04L69/22 ,  H04L69/324

Abstract: Devices and techniques for accelerated packet processing are described herein. The device can match an action to a portion of a network data packet and accelerate the packet-processing pipeline for the network data packet through the machine by processing the action.

公开(公告)号：US11797076B2

公开(公告)日：2023-10-24

申请号：US17364523

申请日：2021-06-30

Applicant: Intel Corporation

Inventor： Brian J. Skerry ,  Ira Weiny ,  Patrick Connor ,  Tsung-Yuan C. Tai ,  Alexander W. Min

IPC: G06F1/3234 ,  G06F1/3209 ,  H04L49/00 ,  H04L49/40

CPC classification number: G06F1/3243 ,  G06F1/3209 ,  H04L49/40 ,  H04L49/70 ,  Y02D10/00

Abstract: A computer-implemented method can include receiving a queue depth for a receive queue of a network interface controller (NIC), determining whether a power state of a central processing unit (CPU) core mapped to the receive queue should be adjusted based on the queue depth, and adjusting the power state of the CPU core responsive to a determination that the power state of the CPU core should be adjusted.

公开(公告)号：US20230239368A1

公开(公告)日：2023-07-27

申请号：US18130733

申请日：2023-04-04

Applicant: Intel Corporation

Inventor： Daniel Daly ,  John Fastabend ,  Matthew Vick ,  Brian J. Skerry ,  Marco Varlese ,  Jing Mark Chen ,  Danny Y. Zhou

IPC: H04L67/561 ,  H04L69/22 ,  H04L69/324 ,  H04L49/00

CPC classification number: H04L67/561 ,  H04L69/22 ,  H04L69/324 ,  H04L49/70

Abstract: Devices and techniques for accelerated packet processing are described herein. The device can match an action to a portion of a network data packet and accelerate the packet-processing pipeline for the network data packet through the machine by processing the action.

公开(公告)号：US10469451B2

公开(公告)日：2019-11-05

申请号：US15396440

申请日：2016-12-31

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Mesut A. Ergin ,  John R. Fastabend ,  Shinae Woo ,  Jeffrey B. Shaw ,  Brian J. Skerry

IPC: H04L29/06 ,  G06F21/55

Abstract: Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.

公开(公告)号：US10230765B2

公开(公告)日：2019-03-12

申请号：US15396533

申请日：2016-12-31

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Manuel Nedbal ,  Thomas M. Slaight ,  Brian J. Skerry ,  Ren Wang

IPC: H04L29/06 ,  G06F21/55

Abstract: Examples may include techniques to securely provision, configure, and de-provision virtual network functions for a software defined network or a cloud infrastructure elements. A policy for a virtual network function may be received, at a secure execution partition of circuitry, and the virtual network function configured to implement the policy by the secure execution partition of the circuitry. The secure execution partition may connect to the virtual network function through a virtual switch and may cause the virtual network function to implement a network function based on the policy.

公开(公告)号：US09871823B2

公开(公告)日：2018-01-16

申请号：US14582063

申请日：2014-12-23

Applicant: INTEL CORPORATION

Inventor： Kapil Sood ,  Manuel Nedbal ,  Thomas M. Slaight ,  Brian J. Skerry ,  Ren Wang

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/20 ,  G06F21/554 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/101 ,  H04L63/104 ,  H04L63/1441

Abstract: Examples may include techniques to securely provision, configure, and de-provision virtual network functions for a software defined network or a cloud infrastructure elements. A policy for a virtual network function may be received, at a secure execution partition of circuitry, and the virtual network function configured to implement the policy by the secure execution partition of the circuitry. The secure execution partition may connect to the virtual network function through a virtual switch and may cause the virtual network function to implement a network function based on the policy.

公开(公告)号：US20150370586A1

公开(公告)日：2015-12-24

申请号：US14311818

申请日：2014-06-23

Applicant: Intel Corporation

Inventor： Trevor Cooper ,  Brian J. Skerry

IPC: G06F9/455 ,  G06F13/40 ,  G06F13/28 ,  G06F12/08 ,  G06F12/02

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F12/0223 ,  G06F15/17331 ,  G06F2009/4557 ,  G06F2009/45595 ,  G06F2212/154

Abstract: Methods, software, and apparatus for implementing local service chaining (LSC) with virtual machines (VMs) or virtualized containers in Software Defined Networking (SDN). In one aspect a method is implemented on a compute platform including a plurality of VMs or containers, each including a virtual network interface controller (vNIC) communicatively coupled to a virtual switch in an SDN. LSCs are implemented via a plurality of virtual network appliances hosted by the plurality of VMs or containers. Each LCS comprises a sequence (chain) of services performed by virtual network appliances defined for the LSC. In connection with performing the chain of services, packet data is forwarded between VMs or containers using a cut-through mechanisms under which packet data is directly written to receive (Rx) buffers on the vNICs in a manner that bypasses the virtual switch. LSC indicia (e.g., through LSC tags) and flow tables are used to inform each virtual network appliance and/or or its host VM or container of the next vNIC Rx buffer or Rx port to which packet data is to be written.

Abstract translation: 用于在软件定义网络（SDN）中实现虚拟机（VM）或虚拟化容器的本地服务链接（LSC）的方法，软件和装置。 在一个方面，在包括多个VM或容器的计算平台上实现一种方法，每个虚拟机或容器包括通信地耦合到SDN中的虚拟交换机的虚拟网络接口控制器（vNIC）。 LSC通过由多个VM或容器托管的多个虚拟网络设备来实现。 每个LCS包括为LSC定义的虚拟网络设备执行的服务的序列（链）。 关于执行服务链，使用直接机制在VM或容器之间转发分组数据，在该切割机制下，分组数据被直接写入以绕过虚拟交换机的方式在vNIC上接收（Rx）缓冲区。 LSC标记（例如，通过LSC标签）和流表用于通知每个虚拟网络设备和/或其主机VM或容器的下一个vNIC Rx缓冲器或Rx端口，分组数据将被写入到该端口。