公开(公告)号：US06829217B1

公开(公告)日：2004-12-07

申请号：US10307805

申请日：2002-12-02

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： H04L1226

CPC分类号： H04L47/621 ,  H04L47/21 ,  H04L47/24 ,  H04L47/2441 ,  H04L47/30 ,  H04L47/31 ,  H04L47/32 ,  H04L49/90

摘要： The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly. Additionally, the present invention adapts to changing flow requirements by fairly sharing buffer resources among both well-behaved and non-well-behaved flows.

摘要翻译： 本发明提供了一种用于数据通信设备的每流动态缓冲器管理方案。 使用每流动态缓冲区限制，每个数据包的头信息被映射到流表中的条目，并为每个输出队列提供单独的流表。 每个流表条目为每个流的队列中当前的数据包维护一个缓冲区计数。 在每个数据包进入行动中，为流量计算动态缓冲区限制，并与流已经使用的进行标记，丢弃或入队决策的缓冲区数进行比较。 如果缓冲区数超过限制，流中的数据包将被丢弃或标记。 否则，数据包入队，缓冲区计数增加新入队数据包使用的数量。 该方案独立于分组数据速率和流行为运行，提供用于快速区分来自不良行为流的良好行为流的手段，以便相应地管理缓冲器分配。 此外，本发明通过在良好行为和非良好行为流之间公平共享缓冲资源来适应不断变化的流量需求。

公开(公告)号：US06343072B1

公开(公告)日：2002-01-29

申请号：US09002122

申请日：1997-12-31

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： H04L1246

CPC分类号： H04L49/351 ,  H04L49/103 ,  H04L49/205 ,  H04L49/3018

摘要： The invention provides a single-chip method. The method includes a memory shared among packet buffers for receiving packets, packet buffers for transmitting packets, and packet header buffers for packet forwarding lookup. Accesses to that shared memory are multiplexed and prioritized. Packet reception is performed with relatively high priority, packet transmission is performed with medium priority, and packet forwarding lookup is performed with relatively low priority. The single-chip method includes circuits for serially receiving packet header information, converting that information into a parallel format for transmission to an SRAM for lookup, and queuing input packets for later forwarding at an output port. Similarly, the single-chip method includes circuits for queuing output packets for transmission at an output port, receiving packet forwarding information from the SRAM in a parallel format, and converting packet header information from output packets into a serial format for transmission. The single-chip method also includes a region in its shared memory for a packet forwarding table, and circuits for performing forwarding lookup responsive to packet header information.

摘要翻译： 本发明提供了一种单芯片方法。 该方法包括在用于接收分组的分组缓冲器之间共享的存储器，用于传送分组的分组缓冲器和用于分组转发查找的分组报头缓冲器。 对该共享存储器的访问被多路复用并确定了优先级。 以较高优先级执行分组接收，以中等优先级执行分组传输，并且以较低优先级执行分组转发查找。 单芯片方法包括用于串行接收分组报头信息的电路，将该信息转换成并行格式以发送到用于查找的SRAM，并且排队输入分组以便稍后在输出端口转发。 类似地，单芯片方法包括用于排队输出分组以在输出端口传输的电路，以并行格式从SRAM接收分组转发信息，以及将分组报头信息从输出分组转换为用于传输的串行格式。 单芯片方法还包括其用于分组转发表的共享存储器中的区域，以及响应于分组报头信息执行转发查找的电路。

公开(公告)号：US20090046734A1

公开(公告)日：2009-02-19

申请号：US12237546

申请日：2008-09-25

申请人： David R. Cheriton ,  Andreas V. Bechtolsheim

发明人： David R. Cheriton ,  Andreas V. Bechtolsheim

IPC分类号： H04L12/56

CPC分类号： H04L12/4645 ,  H04L12/4608

摘要： The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied—based on actual network traffic loading and congestion encountered. The invention also teaches an enhanced datagram packet switched computer network which can selectively control flows of datagram packets entering the network and traveling between network nodes. This new network access control method also interoperates with existing media access control protocols, such as used in the Ethernet or 802.3 local area network. An aspect of the invention is that it does not require any changes to existing network protocols or network applications.

摘要翻译： 本发明提供了一种增强型数据包分组交换计算机网络。 本发明基于数据报包中的源 - 目的地址对，将网络设备中的网络数据报包处理为单独的流。 因此，网络可以以隔离的方式来控制和管理数据报的每个流。 可以为每个流量指定的处理步骤包括流量管理，流量控制，数据包转发，访问控制和其他网络管理功能。 在每个流量基础上控制网络流量的能力允许对大范围和各种各样的网络流量的有效处理，如在包括视频和多媒体流量在内的大型计算机网络中典型的。 分配给每个流的缓冲资源和带宽资源的数量可以由网络管理单独控制。 在网络的动态运行中，这些资源可以根据实际的网络流量负载和遇到的拥塞而变化。 本发明还教导了一种增强的数据包分组交换计算机网络，其可以选择性地控制进入网络并在网络节点之间传播的数据报分组的流。 这种新的网络访问控制方法还与现有的媒体访问控制协议（例如在以太网或802.3局域网中使用的协议）互操作。 本发明的一个方面是不需要对现有网络协议或网络应用进行任何改变。

公开(公告)号：US06798776B1

公开(公告)日：2004-09-28

申请号：US09482940

申请日：2000-01-14

申请人： David R. Cheriton ,  Andreas V. Bechtolsheim

发明人： David R. Cheriton ,  Andreas V. Bechtolsheim

IPC分类号： H04L1256

CPC分类号： H04L12/4645 ,  H04L12/4608

摘要： A method and apparatus for an enhanced datagram packet switched computer network is disclosed. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair contained in the datagram packet itself. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia type traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied based on actual network traffic loading and congestion encountered.

摘要翻译： 公开了一种用于增强型数据包分组交换计算机网络的方法和装置。 本发明基于数据包分组本身包含的源 - 目的地址对，将网络设备中的网络数据包分组处理为单独的流。 因此，网络可以以隔离的方式来控制和管理数据报的每个流。 可以为每个流量指定的处理步骤包括流量管理，流量控制，数据包转发，访问控制和其他网络管理功能。 在每个流量基础上控制网络流量的能力允许有效地处理广泛的范围和各种各样的网络流量，这在大型计算机网络中是典型的，包括视频和多媒体类型的流量。 分配给每个流的缓冲资源和带宽资源的数量可以由网络管理单独控制。 在网络的动态操作中，这些资源可以根据实际的网络流量负载和遇到的拥塞而变化。

公开(公告)号：US07443858B1

公开(公告)日：2008-10-28

申请号：US10725968

申请日：2003-12-02

申请人： David R. Cheriton ,  Andreas V. Bechtolsheim

发明人： David R. Cheriton ,  Andreas V. Bechtolsheim

IPC分类号： H04L12/56

CPC分类号： H04L12/4645 ,  H04L12/4608

摘要： The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied—based on actual network traffic loading and congestion encountered. The invention also teaches an enhanced datagram packet switched computer network which can selectively control flows of datagram packets entering the network and traveling between network nodes. This new network access control method also interoperates with existing media access control protocols, such as used in the Ethernet or 802.3 local area network. An aspect of the invention is that it does not require any changes to existing network protocols or network applications.

摘要翻译： 本发明提供了一种增强型数据包分组交换计算机网络。 本发明基于数据报包中的源 - 目的地址对，将网络设备中的网络数据报包处理为单独的流。 因此，网络可以以隔离的方式来控制和管理数据报的每个流。 可以为每个流量指定的处理步骤包括流量管理，流量控制，数据包转发，访问控制和其他网络管理功能。 在每个流量基础上控制网络流量的能力允许对大范围和各种各样的网络流量的有效处理，如在包括视频和多媒体流量在内的大型计算机网络中典型的。 分配给每个流的缓冲资源和带宽资源的数量可以由网络管理单独控制。 在网络的动态运行中，这些资源可以根据实际的网络流量负载和遇到的拥塞而变化。 本发明还教导了一种增强的数据包分组交换计算机网络，其可以选择性地控制进入网络并在网络节点之间传播的数据报分组的流。 这种新的网络访问控制方法还与现有的媒体访问控制协议（例如在以太网或802.3局域网中使用的协议）互操作。 本发明的一个方面是不需要对现有网络协议或网络应用进行任何改变。

公开(公告)号：US06515963B1

公开(公告)日：2003-02-04

申请号：US09238552

申请日：1999-01-27

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： H04L100

CPC分类号： H04L47/621 ,  H04L47/21 ,  H04L47/24 ,  H04L47/2441 ,  H04L47/30 ,  H04L47/31 ,  H04L47/32 ,  H04L49/90

摘要： The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly. Additionally, the present invention adapts to changing flow requirements by fairly sharing buffer resources among both well-behaved and non-well-behaved flows.

摘要翻译： 本发明提供了一种用于数据通信设备的每流动态缓冲器管理方案。 使用每流动态缓冲区限制，每个数据包的头信息被映射到流表中的条目，并为每个输出队列提供单独的流表。 每个流表条目为每个流的队列中当前的数据包维护一个缓冲区计数。 在每个数据包进入行动中，为流量计算动态缓冲区限制，并与流已经使用的进行标记，丢弃或入队决策的缓冲区数进行比较。 如果缓冲区数超过限制，流中的数据包将被丢弃或标记。 否则，数据包入队，缓冲区计数增加新入队数据包使用的数量。 该方案独立于分组数据速率和流行为运行，提供用于快速区分来自不良行为流的良好行为流的手段，以便相应地管理缓冲器分配。 此外，本发明通过在良好行为和非良好行为流之间公平共享缓冲资源来适应不断变化的流量需求。

公开(公告)号：US06377577B1

公开(公告)日：2002-04-23

申请号：US09108071

申请日：1998-06-30

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： G06F934

CPC分类号： H04L47/10 ,  H04L45/50 ,  H04L45/7453 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/31 ,  H04L63/0263 ,  H04L63/101

摘要： The invention provides for hardware processing of ACLs and thus hardware enforcement of access control. A sequence of access control specifiers from an ACL are recorded in a CAM, and information from the packet header is used to attempt to match selected source and destination IP addresses or subnets, ports, and protocols, against all the ACL specifiers at once. Successful matches are input to a priority selector, which selects the match with the highest priority (that is, the match that is first in the sequence of access control specifiers). The specified result of the selected match is used to permit or deny access for the packet without need for software processing, preferably at a rate comparable to wirespeed. The CAM includes an ordered sequence of entries, each of which has an array of ternary elements for matching “0”, “1”, or any value, and each of which generates a match signal. The ACL entered for recording in the CAM can be optimized to reduce the number of separate entries in the CAM, such as by combining entries which are each special cases of a more general access control specifier. A router including the CAM can also include preprocessing circuits for certain range comparisons which have been found both to be particularly common and to be otherwise inefficiently represented by the ternary nature of the CAM, such as comparisons of the port number against known special cases such as “greater than 1023” or “within the range 6000 to 6500”.

摘要翻译： 本发明提供了ACL的硬件处理，从而提供了访问控制的硬件实现。 来自ACL的访问控制说明符序列被记录在CAM中，并且来自分组报头的信息用于尝试将所选的源和目的地IP地址或子网，端口和协议与所有ACL说明符一致地匹配。 成功的匹配被输入到优先级选择器，该选择器选择具有最高优先级的匹配（即，访问控制说明符序列中的匹配）。 所选择的匹配的指定结果用于允许或拒绝对数据包的访问，而不需要软件处理，优选地以与线速度相当的速率。 CAM包括有序的条目序列，每个条目具有用于匹配“0”，“1”或任何值的三元元素的阵列，并且每个都产生匹配信号。 可以对在CAM中记录的ACL进行优化，以减少CAM中单独条目的数量，例如通过组合更通用的访问控制说明符的每个特殊情况的条目。 包括CAM的路由器还可以包括用于某些范围比较的预处理电路，这些电路已经被发现是特别常见的，并且由CAM的三元性质以其他方式低效地表示，例如端口号与已知的特殊情况的比较，例如 “大于1023”或“6000至6500”范围内。

公开(公告)号：US08401027B2

公开(公告)日：2013-03-19

申请号：US12237546

申请日：2008-09-25

申请人： David R. Cheriton ,  Andreas V. Bechtolsheim

发明人： David R. Cheriton ,  Andreas V. Bechtolsheim

IPC分类号： H04L12/54 ,  H04L29/02

CPC分类号： H04L12/4645 ,  H04L12/4608

摘要： The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied—based on actual network traffic loading and congestion encountered. The invention also teaches an enhanced datagram packet switched computer network which can selectively control flows of datagram packets entering the network and traveling between network nodes. This new network access control method also interoperates with existing media access control protocols, such as used in the Ethernet or 802.3 local area network. An aspect of the invention is that it does not require any changes to existing network protocols or network applications.

摘要翻译： 本发明提供了一种增强型数据包分组交换计算机网络。 本发明基于数据报包中的源 - 目的地址对，将网络设备中的网络数据报包处理为单独的流。 因此，网络可以以隔离的方式来控制和管理数据报的每个流。 可以为每个流量指定的处理步骤包括流量管理，流量控制，数据包转发，访问控制和其他网络管理功能。 在每个流量基础上控制网络流量的能力允许对大范围和各种各样的网络流量的有效处理，如在包括视频和多媒体流量在内的大型计算机网络中典型的。 分配给每个流的缓冲资源和带宽资源的数量可以由网络管理单独控制。 在网络的动态运行中，这些资源可以根据实际的网络流量负载和遇到的拥塞而变化。 本发明还教导了一种增强的数据包分组交换计算机网络，其可以选择性地控制进入网络并在网络节点之间传播的数据报分组的流。 这种新的网络访问控制方法还与现有的媒体访问控制协议（例如在以太网或802.3局域网中使用的协议）互操作。 本发明的一个方面是不需要对现有网络协议或网络应用进行任何改变。

公开(公告)号：US07218632B1

公开(公告)日：2007-05-15

申请号：US09732497

申请日：2000-12-06

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： H04L12/28

CPC分类号： H04L45/60 ,  H04L45/7453 ,  H04L49/25 ,  H04L49/254 ,  H04L49/3009

摘要： The invention provides a method and system for packet processing, in which a router (or switch) is capable of quickly processing incoming packets, thus performing level 2, 3, and 4 routing and additional services, in real time. A system includes a packet processing engine (PPE), having elements for receiving packets, distinguishing header and payload information for those packets, outsourcing router decision-making to additional hardware resources such as a fast forwarding engine (FFE), and forwarding those packets. The PPE is synchronized to the FFE, so that the PPE can send and the FFE can receive packets at each one of a sequence of constant-duration time quanta. Similarly, the PPE can receive and the FFE can send packet routing information at each one of a sequence of similar time quanta. The PPE and the FFE have separate hardware so that their functions can be performed in parallel without contention for operating resources.

摘要翻译： 本发明提供了一种用于分组处理的方法和系统，其中路由器（或交换机）能够快速处理进入的分组，从而实时地执行级别2,3和4的路由和附加服务。 系统包括分组处理引擎（PPE），其具有用于接收分组的元素，区分这些分组的报头和有效载荷信息，将路由器决策外包给诸如快速转发引擎（FFE）的附加硬件资源，以及转发这些分组。 PPE与FFE同步，使得PPE可以发送，FFE可以在恒定时间时间量程序列中的每一个接收数据包。 类似地，PPE可以接收，并且FFE可以在类似时间量子的序列中的每一个发送分组路由信息。 PPE和FFE具有单独的硬件，使得它们的功能可以并行执行，而无需争用操作资源。

公开(公告)号：US07215641B1

公开(公告)日：2007-05-08

申请号：US10979928

申请日：2004-11-02

申请人： Andreas V. Bechtolsheim ,  David R. Cheriton

发明人： Andreas V. Bechtolsheim ,  David R. Cheriton

IPC分类号： H04L12/56

CPC分类号： H04L47/30 ,  H04L47/2441 ,  H04L47/31 ,  H04L47/32 ,  H04L49/90 ,  H04L49/9005

摘要： The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly. Additionally, the present invention adapts to changing flow requirements by fairly sharing buffer resources among both well-behaved and non-well-behaved flows.

摘要翻译： 本发明提供了一种用于数据通信设备的每流动态缓冲器管理方案。 使用每流动态缓冲区限制，每个数据包的头信息被映射到流表中的条目，并为每个输出队列提供单独的流表。 每个流表条目为每个流的队列中当前的数据包维护一个缓冲区计数。 在每个数据包进入行动中，为流量计算动态缓冲区限制，并与流已经使用的进行标记，丢弃或入队决策的缓冲区数进行比较。 如果缓冲区数超过限制，流中的数据包将被丢弃或标记。 否则，数据包入队，缓冲区计数增加新入队数据包使用的数量。 该方案独立于分组数据速率和流行为运行，提供用于快速区分来自不良行为流的良好行为流的手段，以便相应地管理缓冲器分配。 此外，本发明通过在良好行为和非良好行为流之间公平共享缓冲资源来适应不断变化的流量需求。