Abstract:
System and method for using multiple global identification subnet prefix values in a network switch environment in a high performance computing environment. A packet is received from a network fabric by a first Host Channel Adapter (HCA). The packet has a header portion including a destination subnet prefix identifying a destination subnet of the network fabric. The network HCA is allowed to receive the first packet from a port of the network HCA by selectively determining a logical state of a flag and, selectively in accordance with a predetermined logical state of the flag, ignoring the destination subnet prefix identifying the destination subnet of the network fabric.
Abstract:
An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network without requiring a separate intermediary firewall appliance or security node.
Abstract:
Systems and methods for initiating a forced migration of a virtual machine. An exemplary embodiment can provide a subnet manager (SM) and an active virtual machine registration cache, where the subnet manager can access the active virtual machine registration cache. The SM can record a first virtual machine incarnation number in the active virtual machine registration cache, where the virtual machine incarnation number is associated with an active virtual machine (VM). Upon receiving a request to register the active VM on a different host, the SM can evaluate a second virtual machine incarnation number with the first virtual machine incarnation number to determine the legality of the request. In accordance with an embodiment, if the second virtual machine incarnation number is evaluated as greater than the first virtual machine incarnation number, the SM determines the request is legal.
Abstract:
A system and method for supporting network isolation in a multi-tenant cluster environment. An exemplary method can support one or more tenants, and can associate each of the one or more tenants with a partition of a plurality of partitions, and can also associate each of the plurality of partitions with one or more nodes of a plurality of nodes, each of the plurality of nodes being associated with a leaf switch of a plurality of switches. The method can mark each of the plurality of partitions with a policy parameter. The method can assign each node of the plurality of nodes a partitioning order based on the marking of the partition associated with each node. Finally, the method can, based at least upon the marking of the partition of the plurality of partitions, generate one or more linear forwarding tables for use in the multi-tenant cluster environment.
Abstract:
Systems and methods are provided for supporting efficient reconfiguration of an interconnection network having a pre-existing routing. An exemplary method can provide a plurality of switches, the plurality of switches comprising at least one leaf switch, wherein each of the one or more switches comprises a plurality of ports, and a plurality of end nodes, wherein the plurality of end nodes are interconnected via the one or more switches. The method can detect, by a subnet manager, a reconfiguration triggering event. The method can compute, by the subnet manager, a new routing for the interconnection network, wherein the computing by the subnet manager of the new routing for the interconnection network takes into consideration the pre-existing routing and selects the new routing for the interconnection network that is closest to the pre-existing routing. The method can reconfigure the interconnection network according to the new routing.
Abstract:
Systems and methods are provided for implementing a Virtual Switch (vSwitch) architecture that supports transparent virtualization and live migration. An embodiment provides for a vSwitch with prepopulated Local Identifiers (LIDs). Another embodiment provides for a vSwitch with dynamic LID assignment. Another embodiment provides for a vSwitch with prepopulated LIDs and dynamic LID assignment. Moreover, embodiments of the present invention provide scalable dynamic network reconfiguration methods which enable live migrations of VMs in network environments.
Abstract:
A system and method can support subnet management in a network environment, such as an engineered system for middleware and application execution or a middleware machine environment. A subnet manager (SM) can retrieve information for setting up a reliable connection (RC) between a subnet administrator (SA) and a client node in a subnet. Furthermore, the system can set up one or more connection states for a port associated with the SM node to establish the RC connection between the port associated with the SM node and a port associated with said client node. Then, the SM can activate the port associated with said client node.
Abstract:
A system and method can route traffic between distinct subnets in a network environment. A router that connects the distinct subnets, such as InfiniBand (IB) subnets, can receive a list of destinations that the router is responsible for routing one or more packets to. Then, the router can generate a random number based on a source local identifier (LID) and a destination LID associated with the one or more packets, and use a modulo based hash to select one router port from a plurality of output router ports of the router.
Abstract:
A system and method can support data service address resolution in a network environment. An intermediate node can receive an incoming data packet from a source node, wherein the incoming data packet targets a destination node, and wherein the incoming data packet includes a global identifier for the destination node and a local identifier for the intermediate node. Furthermore, the intermediate node can obtain local addressing information for the destination node based on the global identifier for the destination node. Then, the intermediate node can send an outgoing data packet to the destination node based on the obtained local addressing information for the destination node.