Abstract:
Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN, rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to ensure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1X, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic. When authentication succeeds, the device snoops this traffic and derives information such as roles and the target VLAN for the client, saving this information. When the short DHCP lease expires for the client, and the client restarts the DHCP process, the device assigns the client to the target VLAN and all further processing occurs on this target VLAN.
Abstract:
According to one embodiment, a method comprises an operation of determining whether an ingress control message is locally terminated control traffic on a digital device prior to the ingress control message being forwarded to a hardware processor of the digital device for processing. A priority is assigned to the ingress control message based on information within the ingress control message, if the ingress control message is determined to be locally terminated control logic.
Abstract:
A port shutdown protocol coordinates among various components involved in the process of administratively bringing down a link at both ends of a link connecting two switches. Execution of the protocol avoids or reduces frame drops and/or reordering. In this protocol, peer switches perform various actions when bringing down an ISL in a synchronized manner. In one implementation, this protocol uses the Exchange Peer Protocol (EPP) as the underlying transport to carry the port shutdown protocol frames.
Abstract:
Processing of MLD control packets in an access point (AP) connected to a digital network. According to the present invention, an AP in a network converts MLD queries from multicast to unicast and sends these unicast packets to each client of the AP. These MLD query packets may be filtered or restricted by per-user client rules. These MLD query packets may also be tagged as high priority packets to speed their delivery. The AP also suppresses the retransmission of MLD Join packets to clients of the AP.
Abstract:
Improved handling of multicast streams in digital networks. A switching device in a digital network such as a controller, bridge, or access point examines streams flowing through the device. The device identifies a multicast stream and assigns a stateful session to this stream. QoS marking may be applied to the stream. The device assigns a shaping policy to the stream, assigning it a default value in terms of bandwidth credits. This default value may be dependent on the stream type. The credits used by the stream are evaluated periodically. If the stream has exceeded the allocated bandwidth for the shaping policy, the number of credits is increased by a predetermined factor. If the stream has unused credits, the allocated number of credits is reduced by a predetermined factor. The increase and decrease factors may be tuned, for example, to provide a fast attack and a slow decay. The period used for stream evaluation may be adjusted. Increasing the period decreases the load on the device CPU; decreasing the period allows for better convergence at a cost of more load on the CPU. This approach allows the packets in the stream to be released at a constant rate and allows transmission of bursty traffic over networks on which congestion conditions can change rapidly, such as wireless and VPN tunnels. In addition, the potential for downstream drops due to the lack of buffers in downstream switches/routers due to the burstiness is reduced.
Abstract:
A technique is provided for facilitating fabric membership login for an N_Port of a storage area network. A communication from a network node is received. The communication may include a portion of criteria associated with the N_Port. Using at least a portion of the portion of criteria, a virtual fabric identifier corresponding to a virtual fabric which is associated with the N_Port may be automatically identified. Fabric configuration information, which includes the virtual fabric identifier, may be automatically provided to the network node. A fabric login request from the N_Port to login to the virtual fabric may then be received. According to a specific embodiment, the communication may be transmitted from a network node to an F_Port on a Fibre Channel switch. When the N_Port receives the fabric configuration information from the F_Port, a fabric login request message may be generated by the N_Port, using at least a portion of the received fabric configuration information, which includes a fabric login request for the N_Port to login to the virtual fabric corresponding to the virtual fabric identifier. In at least one implementation, the N_Port and/or F_Port may be configured or designed to support trunking functionality.
Abstract:
A technique is provided for facilitating fabric membership login for an N_Port of a storage area network. A communication from a network node is received. The communication may include a portion of criteria associated with the N_Port. Using at least a portion of the portion of criteria, a virtual fabric identifier corresponding to a virtual fabric which is associated with the N_Port may be automatically identified. Fabric configuration information, which includes the virtual fabric identifier, may be automatically provided to the network node. A fabric login request from the N_Port to login to the virtual fabric may then be received. According to a specific embodiment, the communication may be transmitted from a network node to an F_Port on a Fibre Channel switch. When the N_Port receives the fabric configuration information from the F_Port, a fabric login request message may be generated by the N_Port, using at least a portion of the received fabric configuration information, which includes a fabric login request for the N_Port to login to the virtual fabric corresponding to the virtual fabric identifier. In at least one implementation, the N_Port and/or F_Port may be configured or designed to support trunking functionality.
Abstract:
The present disclosure discloses a method and network device for achieving enhanced performance with multiple CPU cores in a network device having a symmetric multiprocessing architecture. The disclosed method allows for storing, by each central processing unit (CPU) core, a non-atomic data structure, which is specific to each networking CPU core, in a memory shared by the plurality of CPU cores. Also, the memory is not associated with any locking mechanism. In response to a data packet being received by a particular CPU core, the disclosed system will update a value of the non-atomic data structure corresponding to the particular CPU core. The data structure may be a counter or a fragment table. Further, a dedicated CPU core is allocated to process only data packets received from other CPU cores, and is responsible for dynamically responding to queries received from a control plane process.