公开(公告)号：US20100242045A1

公开(公告)日：2010-09-23

申请号：US12408173

申请日：2009-03-20

申请人： Sumedha K. Swamy ,  Kais Belgaied

发明人： Sumedha K. Swamy ,  Kais Belgaied

IPC分类号： G06F9/50 ,  G06F9/455

CPC分类号： G06F9/455 ,  G06F9/4856 ,  G06F2009/4557

摘要： A method for migrating a virtual machine executing on a host. The method involves monitoring, by a monitoring agent connected to a device driver, hosts in a network, wherein the device driver is connected to a network interface card, determining a virtual machine to be migrated based on a virtual machine policy, sending, by the host, a request to migrate to at least one of a plurality of target hosts in the network, receiving an acceptance to the request to migrate from at least one of the plurality of target hosts, determining, by the monitoring agent, a chosen target host to receive the virtual machine based on a migration policy, wherein the chosen target host is one of the at least one target hosts that sent the acceptance, sending a confirmation and historical information to the chosen target host, and migrating the virtual machine to the chosen target host.

摘要翻译： 一种用于迁移在主机上执行的虚拟机的方法。 该方法包括通过连接到设备驱动程序的监视代理来监控网络中的主机，其中设备驱动程序连接到网络接口卡，基于虚拟机策略确定要迁移的虚拟机，通过 主机，迁移到网络中的多个目标主机中的至少一个的请求，接收对从多个目标主机中的至少一个迁移的请求的接受，由监视代理确定所选择的目标主机 基于迁移策略接收虚拟机，其中所选择的目标主机是发送接受的至少一个目标主机之一，向所选择的目标主机发送确认和历史信息，以及将虚拟机迁移到所选择的目标主机 目标主机。

公开(公告)号：US07743143B2

公开(公告)日：2010-06-22

申请号：US10139099

申请日：2002-05-03

申请人： Kais Belgaied

发明人： Kais Belgaied

IPC分类号： G06F15/173

CPC分类号： H04L63/083 ,  G06F2221/2113 ,  H04L41/06 ,  H04L63/105 ,  H04L69/40

摘要： A method and system for capturing and reporting debug information regarding data transport failures in a multi-level secure operating environment. A process available only to a trusted system administrator is activated causing probe activation. The data transport command is repeated. The process probes the locations where the data packets move across environment boundaries of the secure network. When the data stops being transported, the process captures the relevant information on the type of failure, its cause, the address where it occurred and the possible consequence. The captured information can then be displayed to an appropriately credentialed administrator through a password-protected command for debug. The probes are then deactivated.

摘要翻译： 一种用于在多级安全操作环境中捕获和报告关于数据传输故障的调试信息的方法和系统。 只有受信任的系统管理员可用的过程才会激活，从而激活探测器。 重复数据传输命令。 该过程探测数据包在安全网络的环境边界上移动的位置。 当数据停止运输时，该过程将捕获关于故障类型，原因，发生地址以及可能的后果的相关信息。 然后，捕获的信息可以通过密码保护的调试命令显示给适当的凭据管理员。 探针然后停用。

公开(公告)号：US20090323690A1

公开(公告)日：2009-12-31

申请号：US12164360

申请日：2008-06-30

申请人： Yunsong Lu ,  Kais Belgaied

发明人： Yunsong Lu ,  Kais Belgaied

IPC分类号： H04L12/56

CPC分类号： H04L47/2441 ,  H04L47/125 ,  H04L49/90 ,  H04L49/9063

摘要： A method for processing packets. The method includes receiving a first packet by a network interface card (NIC) from a network, determining, using a first classification level, a first receive ring group (RRG) for the first packet, determining, using a second level classification, a first receive ring (RR) in the first RRG for the first packet, sending the first packet to the first RR, and sending the first packet from the first RR to a host operatively connected to the network interface card, wherein the first packet is received by a first virtual network interface card (VNIC) associated with the first RRG, where the first RRG is located in the NIC.

摘要翻译： 一种处理数据包的方法。 该方法包括：通过网络接口卡（NIC）从网络接收第一分组，使用第一分类级确定第一分组的第一接收环组（RRG），使用第二级分类确定第一分组 在所述第一RRG中接收所述第一分组的响铃（RR），将所述第一分组发送到所述第一RR，以及将所述第一分组从所述第一RR发送到可操作地连接到所述网络接口卡的主机，其中，所述第一分组由 与第一RRG相关联的第一虚拟网络接口卡（VNIC），其中第一RRG位于NIC中。

公开(公告)号：US20080019365A1

公开(公告)日：2008-01-24

申请号：US11489943

申请日：2006-07-20

申请人： Sunay Tripathi ,  Tim P. Marsland ,  Nicolas G. Droux ,  Kais Belgaied

发明人： Sunay Tripathi ,  Tim P. Marsland ,  Nicolas G. Droux ,  Kais Belgaied

IPC分类号： H04L12/56 ,  H04L12/66

CPC分类号： H04L12/4641

摘要： A method for processing packets that includes receiving a first packet for a first virtual machine by a network interface card (NIC), classifying the first packet using a hardware classifier, where the hardware classifier is located on the NIC, sending the first packet to a first one of a plurality of receive rings based on the classification, sending the first packet from the first one of the plurality of receive rings to a first virtual network interface card (VNIC), sending the first packet from the first VNIC to a first interface, and sending the first packet from the first interface to the first virtual machine, where the first virtual machine is associated with the first interface, where the first VNIC and the first virtual machine are executing on a host.

摘要翻译： 一种处理分组的方法，包括通过网络接口卡（NIC）接收第一虚拟机的第一分组，使用硬件分类器对硬件分类器进行分类，其中硬件分类器位于NIC上，将第一分组发送到 将第一分组从多个接收环中的第一个发送到第一虚拟网络接口卡（VNIC），将第一分组从第一VNIC发送到第一接口 以及将所述第一分组从所述第一接口发送到所述第一虚拟机，其中所述第一虚拟机与所述第一接口相关联，其中所述第一VNIC和所述第一虚拟机在主机上执行。

公开(公告)号：US08625431B2

公开(公告)日：2014-01-07

申请号：US13226535

申请日：2011-09-07

申请人： Nicolas G. Droux ,  Kais Belgaied ,  Sunay Tripathi

发明人： Nicolas G. Droux ,  Kais Belgaied ,  Sunay Tripathi

IPC分类号： G06F11/00

CPC分类号： H04L12/42

摘要： A method for notifying a packet destination that includes receiving a packet by a network interface card (NIC), where the packet destination is a destination of the packet, classifying the packet, forwarding the packet to one of a plurality of receive rings on the NIC, determining whether the one of the plurality of receive rings comprises space to store the packet, dropping the packet if the receive ring does not comprise the space to store the packet, and sending a notification message to the packet destination, where the notification message indicates that the packet was dropped by the receive ring.

摘要翻译： 一种用于通知包目的地的方法，包括通过网络接口卡（NIC）接收分组，其中分组目的地是分组的目的地，对分组进行分类，将分组转发到NIC上的多个接收环中的一个 确定所述多个接收环中的一个是否包括用于存储所述分组的空间，如果所述接收环不包括用于存储所述分组的空间，则丢弃所述分组，并且向所述分组目的地发送通知消息，其中所述通知消息指示 数据包被接收环丢弃。

公开(公告)号：US08321862B2

公开(公告)日：2012-11-27

申请号：US12408173

申请日：2009-03-20

申请人： Sumedha K. Swamy ,  Kais Belgaied

发明人： Sumedha K. Swamy ,  Kais Belgaied

IPC分类号： G06F9/455

CPC分类号： G06F9/455 ,  G06F9/4856 ,  G06F2009/4557

摘要： A method for migrating a virtual machine executing on a host. The method involves monitoring, by a monitoring agent connected to a device driver, hosts in a network, wherein the device driver is connected to a network interface card, determining a virtual machine to be migrated based on a virtual machine policy, sending, by the host, a request to migrate to at least one of a plurality of target hosts in the network, receiving an acceptance to the request to migrate from at least one of the plurality of target hosts, determining, by the monitoring agent, a chosen target host to receive the virtual machine based on a migration policy, wherein the chosen target host is one of the at least one target hosts that sent the acceptance, sending a confirmation and historical information to the chosen target host, and migrating the virtual machine to the chosen target host.

摘要翻译： 一种用于迁移在主机上执行的虚拟机的方法。 该方法包括通过连接到设备驱动程序的监视代理来监控网络中的主机，其中设备驱动程序连接到网络接口卡，基于虚拟机策略确定要迁移的虚拟机，通过 主机，迁移到网络中的多个目标主机中的至少一个的请求，接收对从多个目标主机中的至少一个迁移的请求的接受，由监视代理确定所选择的目标主机 基于迁移策略接收虚拟机，其中所选择的目标主机是发送接受的至少一个目标主机之一，向所选择的目标主机发送确认和历史信息，以及将虚拟机迁移到所选择的目标主机 目标主机。

公开(公告)号：US08260588B2

公开(公告)日：2012-09-04

申请号：US12580386

申请日：2009-10-16

申请人： Kais Belgaied ,  Sunay Tripathi ,  Nicolas G. Droux

发明人： Kais Belgaied ,  Sunay Tripathi ,  Nicolas G. Droux

IPC分类号： G06F17/50 ,  G06F13/00 ,  H04L12/28

CPC分类号： G06F17/509 ,  G06F2009/45595 ,  G06F2217/74 ,  H04L41/12 ,  H04L41/145

摘要： In general, the invention relates to a creating a network model on a host. The invention includes: gathering first component properties associated with a first physical network device on a target network; creating a first container using first component properties; determining that a second physical network device is operatively connected to the first physical network device via a physical network link; gathering second component properties associated with the physical network link; creating a first VNIC associated with the first container; determining that at least one virtual network device is executing on the second physical network device; gathering third component properties associated with the at least one virtual network device; creating a second container, wherein the second container is configured using the third component properties; and creating a second VNIC associated with the second container.

摘要翻译： 通常，本发明涉及在主机上创建网络模型。 本发明包括：收集与目标网络上的第一物理网络设备相关联的第一组件属性; 使用第一个组件属性创建第一个容器; 确定第二物理网络设备经由物理网络链路可操作地连接到所述第一物理网络设备; 收集与物理网络链接相关联的第二组件属性; 创建与第一容器相关联的第一VNIC; 确定至少一个虚拟网络设备正在所述第二物理网络设备上执行; 收集与所述至少一个虚拟网络设备相关联的第三组件属性; 创建第二容器，其中所述第二容器使用所述第三组分特性构造; 以及创建与所述第二容器相关联的第二VNIC。

公开(公告)号：US08174984B2

公开(公告)日：2012-05-08

申请号：US12474671

申请日：2009-05-29

申请人： Sunay Tripathi ,  Nicolas G. Droux ,  Kais Belgaied

发明人： Sunay Tripathi ,  Nicolas G. Droux ,  Kais Belgaied

IPC分类号： G01R31/08

CPC分类号： G06F13/385 ,  G06F2213/0058

摘要： A computer readable medium comprising software instructions for managing resources on a host, wherein the software instructions comprise functionality to: configure a classifier located on a NIC, to forward packets addressed to a first destination address to a first HRR mapped to a first VNIC, wherein packets addressed to the first destination address are associated with a first PFC lane; configure the classifier to forward packets addressed to a second destination address to a second HRR, wherein packets addressed to the second destination address are associated with a second PFC lane; and transmit, by the first VNIC, a pause frame associated with the first PFC lane to a switch operatively connected to the physical NIC, wherein the switch, in response to receiving the pause frame, stores packets associated with the first PFC lane in a buffer without transmitting the packets.

摘要翻译： 一种包括用于管理主机上的资源的软件指令的计算机可读介质，其中所述软件指令包括以下功能：配置位于NIC上的分类器，将寻址到第一目的地地址的分组转发到映射到第一VNIC的第一HRR，其中 寻址到第一目的地地址的分组与第一PFC通道相关联; 配置分类器将寻址到第二目的地地址的分组转发到第二HRR，其中寻址到第二目的地地址的分组与第二PFC通道相关联; 并且由所述第一VNIC将与所述第一PFC通道相关联的暂停帧发送到可操作地连接到所述物理NIC的交换机，其中所述交换机响应于接收到所述暂停帧，将与所述第一PFC通道相关联的分组存储在缓冲器中 而不发送数据包。

公开(公告)号：US07792140B2

公开(公告)日：2010-09-07

申请号：US11479161

申请日：2006-06-30

申请人： Nicolas G. Droux ,  Kais Belgaied ,  Sunay Tripathi

发明人： Nicolas G. Droux ,  Kais Belgaied ,  Sunay Tripathi

IPC分类号： H04L12/66

CPC分类号： H04L41/0896 ,  H04L47/10 ,  H04L47/11

摘要： A method for indicating bandwidth for a virtual network interface card (NIC) includes receiving a bandwidth trigger for a bandwidth of a first virtual NIC operatively connected to a NIC, wherein the NIC is associated with a network bandwidth, obtaining a bandwidth allocation stored in the first virtual NIC in response to the bandwidth trigger, wherein the bandwidth allocation corresponds to the bandwidth of the first virtual NIC, and wherein the bandwidth allocation corresponds to a portion of the network bandwidth, and returning the bandwidth allocation to a component associated with the virtual NIC.

摘要翻译： 一种用于指示虚拟网络接口卡（NIC）的带宽的方法包括：接收用于可操作地连接到NIC的第一虚拟NIC的带宽的带宽触发，其中所述NIC与网络带宽相关联，获得存储在所述NIC中的带宽分配 响应于所述带宽触发的第一虚拟NIC，其中所述带宽分配对应于所述第一虚拟NIC的带宽，并且其中所述带宽分配对应于所述网络带宽的一部分，并且将所述带宽分配返回到与所述虚拟NIC相关联的组件 网卡

公开(公告)号：US07373504B1

公开(公告)日：2008-05-13

申请号：US10803341

申请日：2004-03-18

申请人： Kais Belgaied ,  Mark C. Powers ,  Bhargava K. Yenduri ,  Nicolas G. Droux ,  Paul J. Sangster ,  Darren J. Moffat ,  Gary W. Winiger

发明人： Kais Belgaied ,  Mark C. Powers ,  Bhargava K. Yenduri ,  Nicolas G. Droux ,  Paul J. Sangster ,  Darren J. Moffat ,  Gary W. Winiger

IPC分类号： H04L9/00

CPC分类号： H04L9/00 ,  H04L9/12 ,  H04L63/0485

摘要： A method for performing a cryptographic function including calling into an encryption framework to perform the cryptographic function, wherein calling into the encryption framework comprises sending a request to perform the cryptographic function from a kernel consumer, and processing the request and returning the result to the kernel consumer, wherein processing the request comprises determining whether the request is synchronous or asynchronous, and determining which cryptographic provider to use to perform the cryptographic function.

摘要翻译： 一种用于执行加密功能的方法，包括调用加密框架以执行加密功能，其中调用加密框架包括从内核消费者发送执行加密功能的请求，并处理该请求并将结果返回到内核 消费者，其中处理所述请求包括确定所述请求是同步还是异步，以及确定用于执行所述密码功能的密码提供者。