公开(公告)号：US09634849B2

公开(公告)日：2017-04-25

申请号：US13546236

申请日：2012-07-11

Applicant: Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

IPC: H04L12/28 ,  H04L12/56 ,  H04L12/721 ,  H04L12/24 ,  H04L12/26 ,  H04L12/18 ,  H04L12/64 ,  H04L29/08 ,  H04L12/54 ,  H04L12/933

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/4641 ,  H04L12/64 ,  H04L12/6402 ,  H04L12/66 ,  H04L45/245 ,  H04L45/32 ,  H04L49/00 ,  H04L49/10 ,  H04L49/30 ,  H04L49/358 ,  H04L67/2814

Abstract: A system and method can support flooding mechanism using a packet process proxy in a middleware machine environment. The middleware machine environment can comprise a gateway instance that includes an external port for receiving data packets from an external network. The middleware machine environment also comprises one or more host servers, each of which is associated with one or more virtual machines. Furthermore, said host servers can provide virtual interfaces that belong to a virtual hub associated with the gateway instance. At least one said packet is a flooded packet that is specified with an unknown destination address when it is received at the external port. The gateway instance can send the flooded packet to a designated virtual interface on a host server, and a packet process proxy on the host server can forward the flooded packet to a virtual machine on another host server for processing this packet.

公开(公告)号：US09054886B2

公开(公告)日：2015-06-09

申请号：US13546217

申请日：2012-07-11

Applicant: Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

IPC: H04L12/28 ,  H04L12/18 ,  H04L29/08 ,  H04L12/933 ,  H04L12/54 ,  H04L12/64

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/4641 ,  H04L12/64 ,  H04L12/6402 ,  H04L12/66 ,  H04L45/245 ,  H04L45/32 ,  H04L49/00 ,  H04L49/10 ,  H04L49/30 ,  H04L49/358 ,  H04L67/2814

Abstract: A system and method can support a flooding mechanism using a multicast group in a middleware machine environment. The middleware machine environment can comprise a gateway instance that includes an external port for receiving one or more data packets from an external network. The middleware machine environment also comprises one or more host servers, each of which is associated with one or more virtual machines that can process the data packets. Furthermore, said host servers can provide virtual interfaces that belong to a virtual hub associated with the gateway instance. At least one said packet is a flooded packet that is specified with an unknown destination address when it is received at the external port. The gateway instance operates to send the flooded packet to the multicast group that operates to forward the flooded packet to one or more said host servers in the multicast group.

Abstract translation: 系统和方法可以在中间件机器环境中支持使用多播组的洪泛机制。 中间件机器环境可以包括网关实例，其包括用于从外部网络接收一个或多个数据分组的外部端口。 中间件机器环境还包括一个或多个主机服务器，每个主机服务器与可以处理数据分组的一个或多个虚拟机相关联。 此外，所述主机服务器可以提供属于与网关实例相关联的虚拟集线器的虚拟接口。 至少一个所述分组是当在外部端口接收时被指定为未知目的地址的淹没分组。 网关实例用于将洪泛的分组发送到操作的多播组，以将洪泛的分组转发到多播组中的一个或多个所述主机服务器。

公开(公告)号：US20130019014A1

公开(公告)日：2013-01-17

申请号：US13546405

申请日：2012-07-11

Applicant: Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

IPC: G06F15/173

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/4641 ,  H04L12/64 ,  H04L12/6402 ,  H04L12/66 ,  H04L45/245 ,  H04L45/32 ,  H04L49/00 ,  H04L49/10 ,  H04L49/30 ,  H04L49/358 ,  H04L67/2814

Abstract: A system and method can support virtual machine migration in a middleware machine environment. The middleware machine environment can comprise one or more network switch instances with one or more external ports, each of which is adapted to receive data packets from an external network. Furthermore, the middleware machine environment can comprise a plurality of virtual interfaces on one or more host servers. Each said host server is associated with one or more virtual machines that can process the one or more data packets. A virtual machine on a first host server is allowed to migrate from the first host server to a second host server and operates to receive one or more packets via a virtual interface on the second host server and process the one or more data packets.

Abstract translation: 系统和方法可以支持中间件机器环境中的虚拟机迁移。 中间件机器环境可以包括具有一个或多个外部端口的一个或多个网络交换机实例，每个外部端口适于从外部网络接收数据分组。 此外，中间件机器环境可以包括一个或多个主机服务器上的多个虚拟接口。 每个所述主机服务器与可以处理一个或多个数据分组的一个或多个虚拟机相关联。 允许第一主机服务器上的虚拟机从第一主机服务器迁移到第二主机服务器，并且操作以经由第二主机服务器上的虚拟接口接收一个或多个数据包，并处理一个或多个数据包。

公开(公告)号：US07443860B2

公开(公告)日：2008-10-28

申请号：US10863854

申请日：2004-06-08

Applicant: Bjorn Dag Johnsen ,  Christopher Jackson ,  David Brean ,  Ola Tørudbakken

Inventor： Bjorn Dag Johnsen ,  Christopher Jackson ,  David Brean ,  Ola Tørudbakken

IPC: H04L12/56

CPC classification number: H04L63/126

Abstract: One embodiment of the invention provides a method of handling an incoming packet at a node in a network. The method includes associating at least one source identifier with a link into the node. A packet is then received at the node over the link, and a source identifier is extracted from the received packet. The extracted source identifier is compared with the source identifier(s) associated with the link in order to authenticate the packet.

Abstract translation: 本发明的一个实施例提供一种在网络中的节点处理输入分组的方法。 该方法包括将至少一个源标识符与到该节点的链路相关联。 然后通过链路在节点处接收分组，并且从接收到的分组中提取源标识符。 将提取的源标识符与与链路相关联的源标识符进行比较，以便认证该分组。

公开(公告)号：US09332005B2

公开(公告)日：2016-05-03

申请号：US13545803

申请日：2012-07-10

Applicant: Bjørn Dag Johnsen ,  David Brean ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  David Brean ,  Ola Tørudbakken

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/083 ,  G06F2221/2141 ,  H04L41/0803 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/162

Abstract: A system and method can provide switch based subnet management packet (SMP) traffic protection in a middleware machine environment. The middleware machine environment includes a network switch that operates to receive at least one SMP destined for a subnet management agent (SMA). The network switch can check whether the at least one SMP includes a correct management key, and prevent the at least one SMP from being forwarded to the destined SMA when at least one SMP does not include the correct management key. Furthermore, the network switch can specify a different management key for each external port and can enforce separate restrictions on ingress and egress SMP traffic at a particular external port.

Abstract translation: 系统和方法可以在中间件机器环境中提供基于交换机的子网管理包（SMP）流量保护。 中间件机器环境包括操作以接收用于子网管理代理（SMA）的至少一个SMP的网络交换机。 网络交换机可以检查至少一个SMP是否包括正确的管理密钥，并且当至少一个SMP不包括正确的管理密钥时，防止至少一个SMP被转发到目的地的SMA。 此外，网络交换机可以为每个外部端口指定不同的管理密钥，并且可以对特定外部端口的入口和出口SMP流量实施单独的限制。

公开(公告)号：US09270650B2

公开(公告)日：2016-02-23

申请号：US13487973

申请日：2012-06-04

Applicant: Bjørn-Dag Johnsen ,  Ola Tørudbakken ,  David Brean

Inventor： Bjørn-Dag Johnsen ,  Ola Tørudbakken ,  David Brean

IPC: H04L9/32 ,  H04L29/06 ,  H04L12/24 ,  H04L12/931

CPC classification number: H04L63/0876 ,  H04L9/3234 ,  H04L9/3271 ,  H04L41/12 ,  H04L49/20 ,  H04L63/0442 ,  H04L63/083

Abstract: A system and method can provide a secure subnet management agent (SMA) in an Infiniband (IB) network. The system can comprise a host channel adapter (HCA) associated with a host, wherein the HCA operates to implement a SMA in its embedded firmware. The HCA can prevent a host administrator or software with root access to the host from changing the embedded firmware on the HCA and modifying one or more states associated with the SMA without being endorsed by a site administrator. Additionally, the SMA is associated with a management key, and the host is not allowed to observe the management key without being endorsed by a site administrator.

Abstract translation: 系统和方法可以在Infiniband（IB）网络中提供安全的子网管理代理（SMA）。 该系统可以包括与主机相关联的主机通道适配器（HCA），其中HCA操作以在其嵌入式固件中实现SMA。 HCA可以防止主机管理员或具有root访问主机的软件更改HCA上的嵌入式固件，并修改与SMA相关联的一个或多个状态，而不必经过站点管理员的认可。 此外，SMA与管理密钥相关联，并且不允许主机在不经过站点管理员的认可的情况下观察管理密钥。

公开(公告)号：US09240981B2

公开(公告)日：2016-01-19

申请号：US13488040

申请日：2012-06-04

Applicant: Bjørn-Dag Johnsen ,  Predrag Hodoba ,  Ola Tørudbakken

Inventor： Bjørn-Dag Johnsen ,  Predrag Hodoba ,  Ola Tørudbakken

IPC: H04L29/06 ,  H04L9/32 ,  H04L12/24 ,  H04L12/931

CPC classification number: H04L63/0876 ,  H04L9/3234 ,  H04L9/3271 ,  H04L41/12 ,  H04L49/20 ,  H04L63/0442 ,  H04L63/083

Abstract: A system and method can verify trustfulness of a fabric component in an InfiniBand (IB) fabric. A subnet manager that is responsible for authenticating the fabric component using private/public key pairs. The subnet manager can first send a first encrypted message to a fabric component in the IB fabric, wherein the first encrypted message contains a token and is encrypted using a public key associated with the fabric component. Then, the fabric component is allowed to decode the first encrypted message using a private key associated with the fabric component, and to send a second encrypted message back to the subnet manager. Finally, the subnet manager can authenticate the fabric component if the second encrypted message contains correct information.

Abstract translation: 系统和方法可以验证InfiniBand（IB）结构中的Fabric组件的可信度。 一个子网管理器，负责使用私钥/公钥对验证结构组件。 子网管理器可以首先向IB结构中的结构组件发送第一加密消息，其中第一加密消息包含令牌，并且使用与该结构组件相关联的公钥进行加密。 然后，允许结构组件使用与该结构组件相关联的专用密钥对第一加密消息进行解码，并将第二加密消息发送回该子网管理器。 最后，如果第二个加密的消息包含正确的信息，子网管理器可以对Fabric组件进行身份验证。

公开(公告)号：US09215083B2

公开(公告)日：2015-12-15

申请号：US13546368

申请日：2012-07-11

Applicant: Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

IPC: H04L12/18 ,  H04L29/08 ,  H04L12/54 ,  H04L12/64 ,  H04L12/933

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/4641 ,  H04L12/64 ,  H04L12/6402 ,  H04L12/66 ,  H04L45/245 ,  H04L45/32 ,  H04L49/00 ,  H04L49/10 ,  H04L49/30 ,  H04L49/358 ,  H04L67/2814

Abstract: A system and method can support packet direct forwarding in a middleware machine environment. The middleware machine environment comprises one or more external ports on at least one network switch instance, wherein each external port can receive one or more data packets from an external network. Furthermore, the middleware machine environment comprises a plurality of host channel adapter (HCA) ports on one or more host servers, wherein each said HCA port is associated with a said host server, and each said host server can support one or more virtual machines that operate to process the one or more data packets. The at least one network switch operate to send a packet received at an external port to a designated HCA port associated with the external port. An external switch in the external network can send the data packet to the particular external port based on a packet distribution algorithm.

Abstract translation: 系统和方法可以在中间件机器环境中支持数据包直接转发。 中间件机器环境包括至少一个网络交换机实例上的一个或多个外部端口，其中每个外部端口可以从外部网络接收一个或多个数据分组。 此外，中间件机器环境包括在一个或多个主机服务器上的多个主机通道适配器（HCA）端口，其中每个所述HCA端口与所述主机服务器相关联，并且每个所述主机服务器可以支持一个或多个虚拟机， 操作以处理一个或多个数据分组。 所述至少一个网络交换机操作以将在外部端口处接收的分组发送到与所述外部端口相关联的指定HCA端口。 外部网络中的外部交换机可以根据分组分发算法将数据包发送到特定的外部端口。

公开(公告)号：US20130016718A1

公开(公告)日：2013-01-17

申请号：US13546217

申请日：2012-07-11

Applicant: Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

Inventor： Bjørn Dag Johnsen ,  Martin Paul Mayhead ,  Ola Tørudbakken

IPC: H04L12/56

CPC classification number: H04L12/1863 ,  H04L12/1836 ,  H04L12/4641 ,  H04L12/64 ,  H04L12/6402 ,  H04L12/66 ,  H04L45/245 ,  H04L45/32 ,  H04L49/00 ,  H04L49/10 ,  H04L49/30 ,  H04L49/358 ,  H04L67/2814

Abstract: A system and method can support a flooding mechanism using a multicast group in a middleware machine environment. The middleware machine environment can comprise a gateway instance that includes an external port for receiving one or more data packets from an external network. The middleware machine environment also comprises one or more host servers, each of which is associated with one or more virtual machines that can process the data packets. Furthermore, said host servers can provide virtual interfaces that belong to a virtual hub associated with the gateway instance. At least one said packet is a flooded packet that is specified with an unknown destination address when it is received at the external port. The gateway instance operates to send the flooded packet to the multicast group that operates to forward the flooded packet to one or more said host servers in the multicast group.

Abstract translation: 系统和方法可以在中间件机器环境中支持使用多播组的洪泛机制。 中间件机器环境可以包括网关实例，其包括用于从外部网络接收一个或多个数据分组的外部端口。 中间件机器环境还包括一个或多个主机服务器，每个主机服务器与可以处理数据分组的一个或多个虚拟机相关联。 此外，所述主机服务器可以提供属于与网关实例相关联的虚拟集线器的虚拟接口。 至少一个所述分组是当在外部端口接收时被指定为未知目的地址的淹没分组。 网关实例用于将洪泛的分组发送到操作的多播组，以将洪泛的分组转发到多播组中的一个或多个所述主机服务器。

公开(公告)号：US06633580B1

公开(公告)日：2003-10-14

申请号：US09520066

申请日：2000-03-07

Applicant: Ola Tørudbakken ,  Morten Schanke

Inventor： Ola Tørudbakken ,  Morten Schanke

IPC: H04J302

CPC classification number: H04Q11/0478 ,  H04L49/101 ,  H04L49/254 ,  H04L49/3009 ,  H04L49/3018 ,  H04L49/3027

Abstract: A novel N×N Crossbar Packet Switch is disclosed, which crossbar switch is based on a distributed port architecture, asynchronous output port arbitration, support of non fixed-size packets (cells), support for virtual channels (VC) and/or priority, and which only requires 2*N*N control lines for the arbitration.

Abstract translation: 公开了一种新颖的NxN Crossbar分组交换机，其交叉开关基于分布式端口架构，异步输出端口仲裁，对非固定大小分组（小区）的支持，对虚拟信道（VC）和/或优先级的支持，以及哪些 只需要2 * N * N个控制线进行仲裁。