公开(公告)号：US06717946B1

公开(公告)日：2004-04-06

申请号：US10284759

申请日：2002-10-31

Applicant: Yoichi Hariguchi ,  Rina Panigrahy ,  Samar Sharma ,  Ashwath Nagaraj

Inventor： Yoichi Hariguchi ,  Rina Panigrahy ,  Samar Sharma ,  Ashwath Nagaraj

IPC: H04L1228

CPC classification number: G06F17/30985 ,  G11C15/00

Abstract: Methods and apparatus are disclosed for maintaining one or more ranges and identifying whether a value matches one of the ranges and optionally which range is matched. One implementation includes a range programming engine for generating one or more mapped subtrie values identifying each range, each of the mapped subtrie values identifying a different subset of the range. An associative memory stores the mapped subtrie ranges. A mapping engine receives a particular value and generates a lookup word including a mapped representation of the particular value. The associative memory performs a lookup operation to identify whether or not the particular value is within one of the ranges. In this manner, only a small number of associative memory entries are required to identify whether a mapped particular value falls within the range. The particular range matched can be identified such as by a read operation in an adjunct memory based on the address of the matching entry.

Abstract translation: 公开了用于维护一个或多个范围并且识别值是否匹配范围之一以及任选地匹配哪个范围的方法和装置。 一个实施方案包括用于生成识别每个范围的一个或多个映射子标记值的范围编程引擎，每个映射的子标识符标识该范围的不同子集。 关联存储器存储映射的子范围。 映射引擎接收特定值并生成包括特定值的映射表示的查找字。 关联存储器执行查找操作以识别特定值是否在范围之一内。 以这种方式，仅需要少量的关联存储器条目来识别映射的特定值是否落在该范围内。 可以通过基于匹配条目的地址的辅助存储器中的读取操作来识别匹配的特定范围。

公开(公告)号：US09379906B2

公开(公告)日：2016-06-28

申请号：US13351612

申请日：2012-01-17

Applicant: Samar Sharma ,  Chandramouli Radhakrishnan ,  Sameer Merchant ,  Anand Parthasarathy ,  Murali Basavaiah

Inventor： Samar Sharma ,  Chandramouli Radhakrishnan ,  Sameer Merchant ,  Anand Parthasarathy ,  Murali Basavaiah

IPC: H04L12/28 ,  H04L12/46 ,  H04L29/08 ,  H04L12/931

CPC classification number: H04L12/4625 ,  H04L49/70 ,  H04L67/1097

Abstract: Techniques and a network edge device are provided herein to extend local area networks (LANs) and storage area networks (SANs) beyond a data center while converging the associated local area network and storage area network host layers. A packet is received at a device in a network. It is determined if the packet is routed to a local or remote storage area network or local area network. In response to determining that the packet routed to a remote storage area network, storage area network extension services are performed with respect to the packet in order to extend the storage area network on behalf of a remote location. In response to determining that the packet is routed to a local local area network traffic, local area network extension services are performed with respect to the packet in order to extend the local area network on behalf of the remote location.

Abstract translation: 技术和网络边缘设备在本文中被提供以将局域网（LAN）和存储区域网络（SAN）扩展到数据中心之外，同时会聚相关联的局域网和存储区域网络主机层。 在网络中的设备处接收到分组。 确定分组是否被路由到本地或远程存储区域网络或局域网。 响应于确定分组路由到远程存储区域网络，针对分组执行存储区域网络扩展服务，以便代表远程位置扩展存储区域网络。 响应于确定分组被路由到本地局域网业务，相对于分组执行局域网扩展服务，以便代表远程位置扩展局域网。

公开(公告)号：US09088584B2

公开(公告)日：2015-07-21

申请号：US13329023

申请日：2011-12-16

Applicant: Chao Feng ,  Samar Sharma ,  Ronak Desai ,  Diheng Qu

Inventor： Chao Feng ,  Samar Sharma ,  Ronak Desai ,  Diheng Qu

IPC: G06F11/00 ,  H04L29/08 ,  G06F11/20

CPC classification number: H04L67/1031 ,  G06F11/16 ,  G06F11/2007 ,  G06F11/2028 ,  G06F11/203 ,  G06F11/2035 ,  G06F11/2038

Abstract: An example method includes disengaging a target node from a cluster, where the disengaging comprises: selecting an inheritor; migrating flows from the target node to the inheritor; informing a migration manager that the target node is disengaged from the cluster; and broadcasting to peer nodes of the target node that the target node is replaced by the inheritor. In particular implementations of the present disclosure, the cluster can include a first layer of a network topology including a forwarding engine that implements hash-based packet forwarding; a second layer of the network topology comprising the target node and the inheritor, where the target node and the inheritor implement flow-based packet forwarding; and a third layer including service nodes configured for packet processing in a network.

Abstract translation: 示例性方法包括从群集分离目标节点，其中分离包括：选择继承者; 将流从目标节点迁移到继承者; 通知迁移管理器目标节点与群集脱离; 并且向目标节点的对等节点广播目标节点被继承者替换。 在本公开的特定实现中，集群可以包括网络拓扑的第一层，包括实现基于散列的分组转发的转发引擎; 所述网络拓扑的第二层包括所述目标节点和所述继承者，其中所述目标节点和所述继承者实现基于流的分组转发; 以及包括被配置用于网络中的分组处理的服务节点的第三层。

公开(公告)号：US08510837B2

公开(公告)日：2013-08-13

申请号：US11967731

申请日：2007-12-31

Applicant: Fabio R. Maino ,  Dinesh G. Dutt ,  Samar Sharma ,  Arindam Paul

Inventor： Fabio R. Maino ,  Dinesh G. Dutt ,  Samar Sharma ,  Arindam Paul

IPC: H04L29/06

CPC classification number: G06F21/564 ,  G06F21/566 ,  G06F2221/2151

Abstract: Embodiments of the invention improve the detection of malicious software applications, such as a rootkit, on hosts configured to access storage volumes over a storage area network (SAN). A rootkit detection program running on a switch may be configured to detect rootkits present on the storage volumes of the SAN. Because the switch may mount and access storage volumes independently from the (possibly comprised) hosts, the rootkit is not able to conceal itself from the rootkit detection program running on the switch.

Abstract translation: 本发明的实施例改进了被配置为通过存储区域网络（SAN）访问存储卷的主机上的恶意软件应用程序（例如rootkit）的检测。 可以将在交换机上运行的rootkit检测程序配置为检测存储在SAN存储卷上的rootkit。 因为交换机可以独立于（可能包含的）主机安装和访问存储卷，所以rootkit不能将自己隐藏在交换机上运行的rootkit检测程序中。

公开(公告)号：US20120207177A1

公开(公告)日：2012-08-16

申请号：US13442704

申请日：2012-04-09

Applicant: Samar Sharma ,  Sanjaya Kumar ,  Srinivas Avasarala ,  Gaurav Rastogi ,  Jeevan Kamisetty

Inventor： Samar Sharma ,  Sanjaya Kumar ,  Srinivas Avasarala ,  Gaurav Rastogi ,  Jeevan Kamisetty

IPC: H04L12/56

CPC classification number: H04L49/555 ,  H04L12/4641 ,  H04L43/00 ,  H04L43/18 ,  H04L49/357 ,  H04L2212/00

Abstract: Methods and apparatus for performing SPAN for a virtual port are disclosed. Specifically, a frame is received from a first port. The frame or a copy thereof is transmitted to a second port, where the second port is identified in a header of the frame. At least one of the first port and the second port is a virtual port. The frame or a copy thereof is also transmitted to a third port, thereby enabling an analyzer coupled to the third port to analyze traffic received by the third port.

Abstract translation: 公开了用于为虚拟端口执行SPAN的方法和装置。 具体地说，从第一端口接收帧。 帧或其副本被发送到第二端口，其中第二端口在帧的标题中被识别。 第一个端口和第二个端口中的至少一个是虚拟端口。 该帧或其副本也被发送到第三端口，从而使能够耦合到第三端口的分析器来分析由第三端口接收的业务。

公开(公告)号：US07953943B2

公开(公告)日：2011-05-31

申请号：US12506975

申请日：2009-07-21

Applicant: Samar Sharma ,  Dinesh G. Dutt ,  Fabio R. Maino ,  Sanjaya Kumar

Inventor： Samar Sharma ,  Dinesh G. Dutt ,  Fabio R. Maino ,  Sanjaya Kumar

IPC: G06F13/00

CPC classification number: G06F11/2082 ,  H04L67/1097

Abstract: In one embodiment, a MUD logger receives a notification from another MUD logger maintaining another MUD log for a volume, the notification indicating one or more modifications to be made to a MUD log maintained by the MUD logger receiving the notification, wherein the MUD log includes information for one or more epochs, wherein the information for each of the epochs indicates a set of one or more regions of the volume that have been modified during the corresponding epoch. The MUD logger updates the MUD log associated with the volume, wherein updating the MUD log is performed in response to the notification.

Abstract translation: 在一个实施例中，MUD记录器从另一个MUD记录器接收另一个MUD记录器的通知，该通知维护另一个用于卷的MUD日志，该通知指示对由接收到通知的MUD记录器维护的MUD日志进行的一个或多个修改，其中MUD日志包括 用于一个或多个纪元的信息，其中每个历元的信息指示在相应历元期间已被修改的该卷的一个或多个区域的集合。 MUD记录器更新与卷关联的MUD日志，其中更新MUD日志是响应通知而执行的。

公开(公告)号：US07765194B1

公开(公告)日：2010-07-27

申请号：US11378991

申请日：2006-03-17

Applicant: Samar Sharma ,  Arindam Paul ,  Umesh Mahajan

Inventor： Samar Sharma ,  Arindam Paul ,  Umesh Mahajan

IPC: G06F17/00

CPC classification number: G06F8/71 ,  G06F9/44536

Abstract: Methods and apparatus are provided for detecting and maintaining version compatibility in network devices. Interfaces associated with network devices and components are controlled in order to generate compatibility information at compile time. Version compatibility information embedded in image headers is checked during installation. Version compatibility information is also used to generate access control lists. Access control lists prevent incompatible device communication during run time.

Abstract translation: 提供了用于检测和维护网络设备中的版本兼容性的方法和装置。 控制与网络设备和组件相关联的接口，以便在编译时生成兼容性信息。 在安装过程中检查映像头中嵌入的版本兼容性信息。 版本兼容性信息也用于生成访问控制列表。 访问控制列表在运行时阻止不兼容的设备通信。

公开(公告)号：US20100023724A1

公开(公告)日：2010-01-28

申请号：US12573815

申请日：2009-10-05

Applicant: Rajesh Bhandari ,  Samar Sharma ,  Sanjaya Kumar

Inventor： Rajesh Bhandari ,  Samar Sharma ,  Sanjaya Kumar

IPC: G06F12/00

CPC classification number: H04L67/1097

Abstract: The disclosed embodiments support improvements in network performance in networks such as storage area networks. This is particularly important in networks such as those implementing virtualization. These improvements, therefore, support improved mechanisms for performing processing in network devices such as switches, routers, or hosts. These improvements include various different mechanisms which may be used separately or in combination with one another. These mechanisms include methods and apparatus for processing traffic in an arbitrated loop, performing striping to support fairness and/or loop tenancy, performing configuration of network devices such as switches to enable virtualization to be performed closest to the storage device (e.g., disk), ascertaining a CPU efficiency that quantifies the impact of virtualization on a processor, and configuring or accessing a striped volume to account for metadata stored in each storage partition.

Abstract translation: 所公开的实施例支持诸如存储区域网络的网络中的网络性能的改进。 这在执行虚拟化的网络中尤其重要。 因此，这些改进支持在网络设备（如交换机，路由器或主机）中执行处理的改进机制。 这些改进包括可以单独使用或彼此组合使用的各种不同的机制。 这些机制包括用于处理仲裁环路中的业务的方法和装置，执行条带化以支持公平性和/或循环租赁，执行诸如交换机之类的网络设备的配置，以使最靠近存储设备（例如，磁盘）执行虚拟化， 确定量化虚拟化对处理器的影响的CPU效率，以及配置或访问条带卷以考虑存储在每个存储分区中的元数据。

公开(公告)号：US20090259816A1

公开(公告)日：2009-10-15

申请号：US12365076

申请日：2009-02-03

Applicant: Samar Sharma ,  Silvano Gai ,  Dinesh Dutt ,  Sanjaya Kumar ,  Umesh Mahajan

Inventor： Samar Sharma ,  Silvano Gai ,  Dinesh Dutt ,  Sanjaya Kumar ,  Umesh Mahajan

IPC: G06F12/16

CPC classification number: G06F11/2064 ,  G06F11/2069 ,  G06F11/2082 ,  G06F11/2087 ,  G06F2201/84

Abstract: A technique is provided for implementing online mirroring of a volume in a storage area network. A first instance of the volume is instantiated at a first port of the fibre channel fabric for enabling I/O operations to be performed at the volume. One or more mirroring procedures may be performed at the volume. In at least one implementation, the first port is able to perform first I/O operations at the volume concurrently while the mirroring procedures are being performed at the first volume. In one implementation, the mirroring procedures may be implemented at a fabric switch of the storage area network. Additionally, in at least one implementation, multiple hosts may be provided with concurrent access to the volume during the mirroring operations without serializing the access to the volume.

Abstract translation: 提供了一种用于实现存储区域网络中的卷的在线镜像的技术。 该卷的第一个实例在光纤通道结构的第一个端口处被实例化，以便在卷上执行I / O操作。 可以在体积上执行一个或多个镜像过程。 在至少一个实现中，第一个端口能够在第一个卷执行镜像过程时同时执行卷上的第一个I / O操作。 在一个实现中，可以在存储区域网络的结构交换机处实现镜像过程。 此外，在至少一个实现中，可以在镜像操作期间向多个主机提供对卷的并发访问，而不对序列化对卷的访问。

公开(公告)号：US07356573B2

公开(公告)日：2008-04-08

申请号：US11177880

申请日：2005-07-08

Applicant: Samar Sharma ,  Roy M. D'Cruz ,  Sanjaya Kumar ,  Prashant Billore ,  Dinesh G. Dutt ,  Thomas J. Edsall

Inventor： Samar Sharma ,  Roy M. D'Cruz ,  Sanjaya Kumar ,  Prashant Billore ,  Dinesh G. Dutt ,  Thomas J. Edsall

IPC: G06F15/16 ,  G06F15/167 ,  G06F3/00 ,  H04L12/50

CPC classification number: H04L67/1097 ,  H04L63/00 ,  H04L63/30

Abstract: Disclosed are methods and apparatus for data tapping within a storage area network (SAN) and providing tapped data to a third party device, such as an appliance. In general, mechanisms are provided in a SAN to allow a data tap of data flowing between an initiator and a target. In one implementation, a data virtual target (DVT) in created in a network device to intercept data sent by a specific initiator to a specific logical unit of a specific target. The data or a copy of the data is sent to both the specific logical unit of the specific target and to an appliance. The data routing may be accomplished by use of a virtual initiator (VI), which is configured to send the data (or a copy of the data) to the specific target and the appliance. In a transparent mode of operations, the DVT has a same PWWN (port world wide name) and FCID (fibre channel identifier) as the specific target. In a first proxy mode of operation, the DVT has a different PWWN and FCID than the specific target. In a second proxy mode of operation, the DVT has a same PWWN and different FCID than the specific target.

Abstract translation: 公开了用于在存储区域网络（SAN）内进行数据窃取的方法和装置，并且向第三方设备（例如设备）提供分接数据。 通常，在SAN中提供机制以允许在启动器和目标之间流动的数据的数据抽头。 在一个实现中，在网络设备中创建的数据虚拟目标（DVT），以将由特定发起者发送的数据截取到特定目标的特定逻辑单元。 将数据或数据副本发送到特定目标的特定逻辑单元和设备。 可以通过使用虚拟启动器（VI）来实现数据路由，其被配置为将数据（或数据的副本）发送到特定目标和设备。 在透明的操作模式下，DVT具有与特定目标相同的PWWN（端口世界名称）和FCID（光纤通道标识符）。 在第一代理操作模式下，DVT具有与特定目标不同的PWWN和FCID。 在第二代理操作模式下，DVT具有与特定目标相同的PWWN和不同的FCID。