Computational accelerator for storage operations

    公开(公告)号:US20210111996A1

    公开(公告)日:2021-04-15

    申请号:US17108002

    申请日:2020-12-01

    Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

    Method and apparatus for decrypting and authenticating a data record

    公开(公告)号:US10979212B2

    公开(公告)日:2021-04-13

    申请号:US15945817

    申请日:2018-04-05

    Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

    Message segmentation
    83.
    发明授权

    公开(公告)号:US10938965B2

    公开(公告)日:2021-03-02

    申请号:US16442576

    申请日:2019-06-17

    Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.

    Message segmentation
    84.
    发明申请

    公开(公告)号:US20190387079A1

    公开(公告)日:2019-12-19

    申请号:US16442576

    申请日:2019-06-17

    Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.

    Method for Zero-Copy Object Serialization and Deserialization

    公开(公告)号:US20190188181A1

    公开(公告)日:2019-06-20

    申请号:US15841330

    申请日:2017-12-14

    CPC classification number: G06F15/17331

    Abstract: Serialization and deserialization of an object are performed by transmitting metadata and addresses of data members in a byte stream through a data network, receiving the byte stream from the data network, defining a container for the object, obtaining the addresses of the data members in the first memory from the input byte stream, applying direct memory access (DMA) or remote direct memory access (RDMA) to read the data members using the obtained addresses, and writing the data members into the container to create a new instance of the object.

    Support of Option-ROM in socket-direct network adapters

    公开(公告)号:US10318312B2

    公开(公告)日:2019-06-11

    申请号:US15717969

    申请日:2017-09-28

    Abstract: A network adapter includes one or more network ports, multiple bus interfaces, and a processor. The one or more network ports are configured to communicate with a communication network. The multiple bus interfaces are configured to communicate with multiple respective Central Processing Units (CPUs) that belong to a multi-CPU device. The processor is configured to support an Option-ROM functionality, in which the network adapter holds Option-ROM program instructions that are loadable and executable by the multi-CPU device during a boot process, and, in response to a request from the multi-CPU device to report the support of the Option-ROM functionality, to report the support of the Option-ROM functionality over only a single bus interface, selected from among the multiple bus interfaces connecting the network adapter to the multi-CPU device.

    DEFENDING AGAINST DOS ATTACKS OVER RDMA CONNECTIONS

    公开(公告)号:US20190028505A1

    公开(公告)日:2019-01-24

    申请号:US15652285

    申请日:2017-07-18

    Abstract: A processor is configured to receive, from a client, a first message indicating a request to establish a connection between the client and a server, to ascertain that the first message does not include any cookie satisfying one or more criteria, to send, to the client, a second message that includes a first cookie, without allocating an endpoint on the server for the connection, in response to ascertaining that the first message does not include any cookie satisfying the criteria, to receive subsequently, from the client, a third message, to ascertain that the third message includes a second cookie, and that the second cookie satisfies the criteria, to allocate the endpoint for the connection in response to ascertaining that the second cookie satisfies the criteria, and to send, to the client, a fourth message indicating that the server is ready to receive data communication at the allocated endpoint.

    Host bus access by add-on devices via a network interface controller
    89.
    发明申请
    Host bus access by add-on devices via a network interface controller 审中-公开
    通过网络接口控制器通过附加设备访问主机总线

    公开(公告)号:US20160342547A1

    公开(公告)日:2016-11-24

    申请号:US15154945

    申请日:2016-05-14

    Abstract: Peripheral apparatus for use with a host computer includes an add-on device, which includes a first network port coupled to one end of a packet communication link and add-on logic, which is configured to receive and transmit packets containing data over the packet communication link and to perform computational operations on the data. A network interface controller (NIC) includes a host bus interface, configured for connection to the host bus of the host computer and a second network port, coupled to the other end of the packet communication link. Packet processing logic in the NIC is coupled between the host bus interface and the second network port, and is configured to translate between the packets transmitted and received over the packet communication link and transactions executed on the host bus so as to provide access between the add-on device and the resources of the host computer.

    Abstract translation: 用于主计算机的外围设备包括附加设备,其包括耦合到分组通信链路的一端的第一网络端口和附加逻辑,其被配置为通过分组通信来接收和发送包含数据的分组 链接并对数据执行计算操作。 网络接口控制器(NIC)包括主机总线接口,被配置为连接到主计算机的主机总线和耦合到分组通信链路的另一端的第二网络端口。 NIC中的分组处理逻辑耦合在主机总线接口和第二网络端口之间,并且被配置为在通过分组通信链路发送和接收的分组之间转换和在主机总线上执行的事务之间的转换,以便在加法 - 设备和主机的资源。

    Congestion control enforcement in a virtualized environment
    90.
    发明授权
    Congestion control enforcement in a virtualized environment 有权
    虚拟化环境中的拥塞控制实施

    公开(公告)号:US09497125B2

    公开(公告)日:2016-11-15

    申请号:US14338488

    申请日:2014-07-23

    Abstract: In a data network congestion control in a virtualized environment is enforced in packet flows to and from virtual machines in a host. A hypervisor and network interface hardware in the host are trusted components. Enforcement comprises estimating congestion states in the data network attributable to respective packet flows, recognizing a new packet that belongs to one of the data packet flows, and using one or more of the trusted components and to make a determination based on the congestion states that the new packet belongs to a congestion-producing packet flow. A congestion-control policy is applied by one or more of the trusted components to the new packet responsively to the determination.

    Abstract translation: 在数据网络中,虚拟化环境中的拥塞控制在来自主机中的虚拟机的数据包流中实施。 主机中的管理程序和网络接口硬件是可信组件。 执行包括估计可归因于相应分组流的数据网络中的拥塞状态,识别属于数据分组流之一的新分组,以及使用一个或多个可信组件,并基于拥塞状态进行确定 新分组属于产生拥塞的分组流。 响应于该确定,拥塞控制策略由一个或多个可信任组件应用于新分组。

Patent Agency Ranking