公开(公告)号：US20060092840A1

公开(公告)日：2006-05-04

申请号：US11259041

申请日：2005-10-27

申请人： Bruce Kwan ,  Puneet Agarwal

发明人： Bruce Kwan ,  Puneet Agarwal

IPC分类号： H04L12/26

CPC分类号： H04L47/10 ,  H04L47/11 ,  H04L47/12 ,  H04L47/2441 ,  H04L47/2466 ,  H04L47/283 ,  H04L47/29 ,  H04L47/31 ,  H04L47/32 ,  H04L49/50

摘要： An intelligent fabric congestion control apparatus and method are provided to receive data packets from source endpoints and output the data packets to destination endpoints. The apparatus and method include a counter, a timer, and a controller. The counter increments from a preset value when a data packet is received at an egress queue and decrements when the data packet is output from the egress queue. The timer starts timing in response to the incrementing of the counter from the preset value. The controller performs one of resetting the timer when the counter is decremented to the preset value prior to the timer reaching a first threshold, and detecting a persistent congestion when the timer reaches the first threshold.

摘要翻译： 提供了一种智能结构拥塞控制装置和方法，用于从源端点接收数据包，并将数据包输出到目标端点。 该装置和方法包括计数器，定时器和控制器。 当在出口队列处接收到数据分组时，计数器从预置值递增，并且当从出口队列输出数据分组时，计数器递减。 定时器响应于从预设值增加计数器开始定时。 控制器在定时器达到第一阈值之前将计数器减小到预设值，并且当定时器达到第一阈值时检测持续拥塞，来执行重置定时器之一。

公开(公告)号：US20060092837A1

公开(公告)日：2006-05-04

申请号：US11260269

申请日：2005-10-28

申请人： Bruce Kwan ,  Puneet Agarwal ,  Eugene Opsasnick

发明人： Bruce Kwan ,  Puneet Agarwal ,  Eugene Opsasnick

IPC分类号： H04L12/26 ,  H04L12/56 ,  H04J3/22 ,  H04L1/00 ,  H04L12/28 ,  H04J3/16

CPC分类号： H04L47/10 ,  H04L47/12 ,  H04L47/2441 ,  H04L47/266 ,  H04L47/29 ,  H04L47/30

摘要： A dynamic threshold apparatus and method are provided including a flow control sender and a flow control receiver. The flow control sender includes an ingress port with one or more Class Groups (CG) defined including a shared buffer pool, a shared counter per ingress port per CG tracking an amount of the shared buffer pool utilized by each CG, an ingress port utilization counter per ingress port tracking an amount of the shared buffer pool utilized by the ingress port, and a controller computing a dynamic threshold for each CG, comparing the dynamic threshold of each CG with the ingress port utilization counter, and determining a particular CG experiencing congestion when the ingress port utilization counter is greater than the dynamic threshold for the particular CG. The flow control receiver ceases transmission of data packets to the particular CG experiencing congestion and allows transmission of the data packets corresponding to other CGs.

摘要翻译： 提供了一种动态阈值装置和方法，包括流控制发送器和流控制接收器。 流控制发送器包括具有定义的一个或多个类组（CG）的入口端口，其包括共享缓冲器池，每个每个入口端口的共享计数器跟踪每个CG使用的共享缓冲池的量，入口端口利用计数器 每个进入端口跟踪由入口端口使用的共享缓冲池的量，以及控制器计算每个CG的动态阈值，将每个CG的动态阈值与入口端口利用计数器进行比较，以及确定特定的CG在遇到拥塞时遇到的拥塞 入口端口利用计数器大于特定CG的动态阈值。 流控制接收器停止数据分组到特定的CG的拥塞传输，并允许传输与其它CG对应的数据分组。

公开(公告)号：US09166927B2

公开(公告)日：2015-10-20

申请号：US12255488

申请日：2008-10-21

申请人： Ariel Hendel ,  Bruce Kwan ,  Puneet Agarwal ,  Mohan Kalkunte

发明人： Ariel Hendel ,  Bruce Kwan ,  Puneet Agarwal ,  Mohan Kalkunte

IPC分类号： H04L12/933 ,  H04L12/715 ,  H04L12/713 ,  H04L12/931 ,  H04L12/939 ,  H04L12/46

CPC分类号： H04L49/1515 ,  H04L12/4641 ,  H04L45/04 ,  H04L45/586 ,  H04L49/505 ,  H04L49/552

摘要： Methods and apparatus for communicating data traffic using switch fabric dispersion are disclosed. An example apparatus includes a first tier of switch elements; and a second tier of switch elements operationally coupled with the first tier of switch elements. In the example apparatus, the first tier of switch elements is configured to receive a data packet from a source. The first tier of switch elements is also configured to route the data packet to the second tier of switch elements in accordance with a dispersion function, where the dispersion function is based on a dispersion tag associated with the data packet. The first tier of switch elements is still further configured to transmit the data packet to a destination for the data packet after receiving it from the second tier of switch elements.

摘要翻译： 公开了使用交换矩阵色散来传送数据业务的方法和装置。 示例性装置包括第一层开关元件; 以及与第一层开关元件可操作地耦合的第二层开关元件。 在示例性装置中，第一层交换元件被配置为从源接收数据分组。 第一层交换单元还被配置为根据色散函数将数据分组路由到第二层交换单元，其中色散函数基于与数据分组相关联的色散标签。 第一层交换机元件还被配置为在从第二层交换机元件接收数据分组之后将数据分组发送到数据分组的目的地。

公开(公告)号：US20100271946A1

公开(公告)日：2010-10-28

申请号：US12766518

申请日：2010-04-23

申请人： Shahram Davari ,  Bruce Kwan ,  Puneet Agarwal

发明人： Shahram Davari ,  Bruce Kwan ,  Puneet Agarwal

IPC分类号： H04L12/56

CPC分类号： H04L47/10 ,  H04L47/215 ,  H04L47/2458 ,  H04L47/29 ,  H04L47/31

摘要： Example methods and apparatus for hierarchical bandwidth management are disclosed. An example method includes, using dual-token bucket meters (two-rate three-color meters) to meter bandwidth usage by individual microflows and associated macroflows (combinations of microflows). The dual-token bucket meters are used to locally and finally mark the packets using a three-color marking approach. In the example method, forwarding and discard decisions for packets processed using such techniques are made based on the final marking.

摘要翻译： 公开了用于分级带宽管理的示例方法和装置。 示例性方法包括使用双令牌桶计（双速三色计）来计算单个微流量和相关宏流（微流的组合）的带宽利用率。 双令牌桶仪表用于本地，最后使用三色标记方式标记数据包。 在示例方法中，基于最终标记来进行使用这些技术处理的分组的转发和丢弃决定。

公开(公告)号：US20100097934A1

公开(公告)日：2010-04-22

申请号：US12255488

申请日：2008-10-21

申请人： Ariel Hendel ,  Bruce Kwan ,  Puneet Agarwal ,  Mohan Kalkunte

发明人： Ariel Hendel ,  Bruce Kwan ,  Puneet Agarwal ,  Mohan Kalkunte

IPC分类号： H04L12/56

CPC分类号： H04L49/1515 ,  H04L12/4641 ,  H04L45/04 ,  H04L45/586 ,  H04L49/505 ,  H04L49/552

摘要： Methods and apparatus for communicating data traffic using switch fabric dispersion are disclosed. An example apparatus includes a first tier of switch elements; and a second tier of switch elements operationally coupled with the first tier of switch elements. In the example apparatus, the first tier of switch elements is configured to receive a data packet from a source. The first tier of switch elements is also configured to route the data packet to the second tier of switch elements in accordance with a dispersion function, where the dispersion function is based on a dispersion tag associated with the data packet. The first tier of switch elements is still further configured to transmit the data packet to a destination for the data packet after receiving it from the second tier of switch elements. In the example apparatus the second tier of switch elements is configured to receive the data packet from the first tier of switch elements and route the data packet, based on a destination address of the data packet, back to the first tier of switch elements for transmission to the destination.

摘要翻译： 公开了使用交换矩阵色散来传送数据业务的方法和装置。 示例性装置包括第一层开关元件; 以及与第一层开关元件可操作地耦合的第二层开关元件。 在示例性装置中，第一层交换元件被配置为从源接收数据分组。 第一层交换单元还被配置为根据色散函数将数据分组路由到第二层交换单元，其中色散函数基于与数据分组相关联的色散标签。 第一层交换机元件还被配置为在从第二层交换机元件接收数据分组之后将数据分组发送到数据分组的目的地。 在示例设备中，第二层交换元件被配置为从第一层交换元件接收数据分组，并且基于数据分组的目的地地址将数据分组路由回到用于传输的第一层交换单元 到目的地。

公开(公告)号：US20060092845A1

公开(公告)日：2006-05-04

申请号：US11260232

申请日：2005-10-28

申请人： Bruce Kwan ,  Eugene Opsasnick ,  Puneet Agarwal

发明人： Bruce Kwan ,  Eugene Opsasnick ,  Puneet Agarwal

IPC分类号： H04J1/16

CPC分类号： H04L47/50

摘要： A service aware flow control apparatus and method for multiple classes of data packets. A flow control sender includes a buffer of an ingress port per Class Group or Class of Service (COS). A counter per COS tracks an amount of buffer utilization per ingress port per COS, and each counter comprises an XOFF threshold level of congestion and an XON threshold. A controller detects, during transmission of the data packets, a counter associated with a buffer for a particular COS has risen to be greater than or equal to the XOFF threshold level of congestion. A flow control receiver ceases transmission of the data packets to the buffer for the particular COS experiencing congestion and allowing transmission of the data packets corresponding to other COS in the flow control sender.

公开(公告)号：US20060092836A1

公开(公告)日：2006-05-04

申请号：US11259095

申请日：2005-10-27

申请人： Bruce Kwan ,  Puneet Agarwal

发明人： Bruce Kwan ,  Puneet Agarwal

IPC分类号： H04J3/14 ,  H04L12/56

CPC分类号： H04L47/10 ,  H04L47/11 ,  H04L47/12 ,  H04L47/2466 ,  H04L47/26 ,  H04L47/283 ,  H04L47/31 ,  H04L47/33

摘要： An intelligent congestion feedback apparatus and method thereof includes a source endpoint transmitting data packets, and a destination endpoint receiving the data packets, and a timer in the destination endpoint set to zero. An intermediate node detects congestion between the source endpoint and the destination endpoint. Upon congestion detection, the intermediate node marks the data packets transmitted to the destination endpoint indicative of congestion. Upon receipt of the marked data packets, the timer begins reverse counting from a preset time value to zero and a feedback loop is turned-on between the destination endpoint and the source endpoint to transmit congestion notification (CN) messages to the source endpoint contributing to the congestion.

摘要翻译： 一种智能拥塞反馈装置及其方法包括源端点发送数据分组，以及接收数据分组的目的端点，目的端点中的定时器设置为零。 中间节点检测源端点和目标端点之间的拥塞。 在拥塞检测时，中间节点标记发送到指示拥塞的目的地端点的数据分组。 在接收到标记的数据分组之后，定时器开始从预设时间值反向计数到零，并且在目的地端点和源端点之间接通反馈环路，以将阻塞通知（CN）消息传送到源端点，从而有助于 拥堵。

公开(公告)号：US09043450B2

公开(公告)日：2015-05-26

申请号：US12580094

申请日：2009-10-15

申请人： Rupa Budhia ,  Puneet Agarwal

发明人： Rupa Budhia ,  Puneet Agarwal

IPC分类号： G06F15/177 ,  G06F9/50 ,  H04L29/08

CPC分类号： G06F9/5044 ,  G06F2209/509 ,  H04L69/32

摘要： An system comprising an ingress device configured to receive and process data, wherein the ingress device comprises a plurality of processing stages configured to process the data, wherein a configurable subset of the stages comprises a selectable tap point, and wherein the ingress device is further configured to, upon reaching a selected tap point, suspend processing and send at least a portion of the data to another device; an offload engine device configured to receive data from the ingress device, after the selected tap point has been reached, and to provide additional processing of the data, which the ingress device is not configured to provide; an egress device configured to transmit the data that has been additionally processed by the offload engine device.

摘要翻译： 一种包括被配置为接收和处理数据的入口设备的系统，其中所述入口设备包括被配置为处理所述数据的多个处理级，其中所述级的可配置子集包括可选择的抽头点，并且其中所述入口设备被进一步配置 在到达所选择的分接点之后，暂停处理并将至少一部分数据发送到另一设备; 卸载引擎装置，其被配置为在到达所选择的分接点之后从所述入口设备接收数据，并且为所述数据提供附加处理，所述数据是入口设备未被配置为提供的; 被配置为发送由卸载引擎设备另外处理的数据的出口设备。

公开(公告)号：US08782755B2

公开(公告)日：2014-07-15

申请号：US12409223

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary

IPC分类号： G06F15/16 ,  G06F9/455 ,  G06F21/53 ,  G06F21/31 ,  H04L29/06 ,  H04L29/08

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client The response includes an instruction to redirect to the selected authentication virtual server.

摘要翻译： 本发明提供一种用于从多个认证虚拟服务器动态选择认证虚拟服务器的系统和方法。 流量管理虚拟服务器可以根据从客户端接收的请求来确定访问客户端尚未认证的服务器的内容。 流量管理虚拟服务器可以识别用于选择认证虚拟服务器以提供客户端认证的策略。 响应于识别，流量管理虚拟服务器可以通过策略选择多个认证虚拟服务器的认证虚拟服务器来认证客户端。 响应于该请求，流量管理虚拟服务器可以向客户端发送响应。该响应包括重定向到所选择的认证虚拟服务器的指令。

公开(公告)号：US08484718B2

公开(公告)日：2013-07-09

申请号：US11462230

申请日：2006-08-03

申请人： Vinoo Chacko ,  Puneet Agarwal ,  Shashi Nanjudaswamy ,  Ajay Soni

发明人： Vinoo Chacko ,  Puneet Agarwal ,  Shashi Nanjudaswamy ,  Ajay Soni

IPC分类号： G06F9/00

CPC分类号： H04L63/0272 ,  G06F21/552 ,  G06F21/6218 ,  H04L63/08 ,  H04L63/102

摘要： Methods for enabling assured records using fine grained auditing of virtual private network traffic include establishing, by an appliance, a transport layer virtual private network connection with a client operated by a user; receiving, by the appliance via the connection, a request from the client identifying a resource; determining, by the appliance, the request meets at least one security condition; transmitting, by the appliance to an audit log, a record of the request; receiving, by the appliance from the audit log, a confirmation that the record was logged; and granting, responsive to the received confirmation, access to the identified resource. Security conditions may identify at least one user, at least one application, a network or group of networks, and one or more resources. Corresponding systems are also described.

摘要翻译： 使用对虚拟专用网络流量进行细粒度审计的保证记录的方法包括由设备建立与用户操作的客户端的传输层虚拟专用网络连接; 通过连接从设备接收识别资源的客户端的请求; 由所述设备确定所述请求满足至少一个安全条件; 由设备向审核日志传送请求的记录; 设备从审核日志接收记录记录的确认; 以及响应于所接收的确认，授予对所识别的资源的访问。 安全条件可以标识至少一个用户，至少一个应用，网络或网络组，以及一个或多个资源。 还描述了相应的系统。