公开(公告)号：US06956853B1

公开(公告)日：2005-10-18

申请号：US09814619

申请日：2001-03-22

申请人： Glenn William Connery ,  Gary Jaszewski ,  Richard Reid

发明人： Glenn William Connery ,  Gary Jaszewski ,  Richard Reid

IPC分类号： H04L12/56 ,  H04L12/28

CPC分类号： H04L49/901 ,  H04L49/90 ,  H04L49/9042 ,  H04L69/16 ,  H04L69/161

摘要： An adapter is provided with intelligence that allows it to separate the header parts of a packet being received from the payload it carries, and in most cases move the payload directly into a destination buffer at the application layer or file system layer. Copies by the intermediate layers of the protocol stack are bypassed, reducing the number of times that the payload of a communication must be copied by the host system. At the network interface, a plurality of packets is received, and the payload of each is bypassed directly into the target destination buffer. The network interface device identifies the packets which are in the sequence of packets carrying payload to be stored in the target buffer by the flow specification carried with such packets. Also, the packets carrying data payload for the file include a sequence number or other identifier by which the network interface is able to determine the offset within the target buffer to which the packet is to be stored.

摘要翻译： 适配器具有智能，允许它从正在接收的分组的报头部分分离其所携带的有效载荷，并且在大多数情况下，将有效负载直接移动到应用层或文件系统层的目的地缓冲器中。 旁路协议栈的中间层的副本，减少主机系统必须复制通信的有效载荷的次数。 在网络接口处，接收多个分组，并且将每个分组的有效载荷直接旁路到目标目标缓冲器中。 网络接口设备通过携带这种分组的流规范来识别携带有待存储在目标缓冲器中的有效载荷的分组序列中的分组。 此外，携带文件的数据有效载荷的分组包括序列号或其他标识符，网络接口能够通过该序列号或其他标识符来确定要被存储到分组的目标缓冲器内的偏移。

公开(公告)号：US06246683B1

公开(公告)日：2001-06-12

申请号：US09071692

申请日：1998-05-01

申请人： Glenn William Connery ,  Gary Jaszewski ,  Richard Reid

发明人： Glenn William Connery ,  Gary Jaszewski ,  Richard Reid

IPC分类号： G08C1508

CPC分类号： H04L49/901 ,  H04L49/90 ,  H04L49/9042 ,  H04L69/16 ,  H04L69/161

摘要： An adapter is provided with intelligence that allows it to separate the header parts of a packet being received from the payload it carries, and in most cases move the payload directly into a destination buffer at the application layer or file system layer. Copies by the intermediate layers of the protocol stack are bypassed, reducing the number of times that the payload of a communication must be copied by the host system. At the network interface, a plurality of packets is received, and the payload of each is bypassed directly into the target destination buffer. The network interface device identifies the packets which are in the sequence of packets carrying payload to be stored in the target buffer by the flow specification carried with such packets. Also, the packets carrying data payload for the file include a sequence number or other identifier by which the network interface is able to determine the offset within the target buffer to which the packet is to be stored.

摘要翻译： 适配器具有智能，允许它从正在接收的分组的报头部分分离其所携带的有效载荷，并且在大多数情况下，将有效负载直接移动到应用层或文件系统层的目的地缓冲器中。 旁路协议栈的中间层的副本，减少主机系统必须复制通信的有效载荷的次数。 在网络接口处，接收多个分组，并且将每个分组的有效载荷直接旁路到目标目标缓冲器中。 网络接口设备通过携带这种分组的流规范来识别携带有待存储在目标缓冲器中的有效载荷的分组序列中的分组。 此外，携带文件的数据有效载荷的分组包括序列号或其他标识符，网络接口能够通过该序列号或其他标识符来确定要被存储到分组的目标缓冲器内的偏移。

公开(公告)号：US5937169A

公开(公告)日：1999-08-10

申请号：US960238

申请日：1997-10-29

申请人： Glenn William Connery ,  W. Paul Sherer ,  Gary Jaszewski ,  James S. Binder

发明人： Glenn William Connery ,  W. Paul Sherer ,  Gary Jaszewski ,  James S. Binder

IPC分类号： G06F13/38

CPC分类号： G06F13/387

摘要： A method is provided for sending data from a data source executing a network protocol such as the TCP/IP protocol stack, which includes a process for generating headers for packets according to the network protocol. The method includes sending such data on a network through a smart network interface. The network protocol defines a datagram in the data source, including generating a header template and supplying a data payload. The datagram is supplied to the network interface. At the network interface, a plurality of packets of data are generated from the datagram. The plurality of packets include respective headers, such as TCP/IP headers, based on the header template, and include respective segments of the data payload. The network interface supports packets having a pre-specified length, and the data payload is greater than the pre-specified length, such as two to forty times larger or more. Thus, the higher layer processing specifies a very large datagram, which is automatically segmented at the network interface layer, instead of at the TCP layer.

摘要翻译： 提供一种用于从执行诸如TCP / IP协议栈的网络协议的数据源发送数据的方法，其包括根据网络协议为分组生成报头的处理。 该方法包括通过智能网络接口在网络上发送这样的数据。 网络协议定义数据源中的数据报，包括生成头模板并提供数​​据有效载荷。 数据报提供给网络接口。 在网络接口，从数据报生成多个数据包。 多个分组包括基于头模板的各自的报头，例如TCP / IP报头，并且包括数据有效载荷的各个段。 网络接口支持具有预定长度的数据包，并且数据有效载荷大于预先指定的长度，例如大于或等于2到40倍。 因此，较高层处理规定了非常大的数据报，其在网络接口层而不是在TCP层被自动分段。

公开(公告)号：US07028335B1

公开(公告)日：2006-04-11

申请号：US09384158

申请日：1999-08-27

申请人： Michael S. Borella ,  Gary Jaszewski ,  Danny M. Nessett

发明人： Michael S. Borella ,  Gary Jaszewski ,  Danny M. Nessett

IPC分类号： H04L9/00 ,  H04L12/28 ,  H04L12/56

CPC分类号： H04L63/0407 ,  H04L29/12367 ,  H04L29/12405 ,  H04L61/2514 ,  H04L61/2528 ,  H04L63/0428

摘要： A method and system for distributed network address translation with security for controlling and limiting the disruption caused by denial of service attacks. The method and system have a first network device and a second network device on a first network, and a third network device on a second network external to the first network, with an established security association between the first network device and the third network device. The first network device specifies an external address of the third network device for the security association to the second network device, which stores the external address in a table. The second network device then maps at least one of an internal address and a security value to the external address in the table. Any packets sent from the third network device to the first network device are intercepted by the second network device, which determines the external address and security value of the packet. If the security value of the packet has been allocated to the first network device, and the external address of the packet has been specified by the first network device as being valid, the packet is sent from the second network device to the first network device using distributed network address translation with security. Otherwise, the packet is discarded by the second network device.

摘要翻译： 一种用于分布式网络地址转换的方法和系统，具有用于控制和限制由拒绝服务攻击引起的中断的安全性。 该方法和系统在第一网络上具有第一网络设备和第二网络设备，以及在第一网络外部的第二网络上的第三网络设备，具有在第一网络设备和第三网络设备之间建立的安全关联。 第一网络设备指定用于与第二网络设备的安全关联的第三网络设备的外部地址，其将外部地址存储在表中。 然后，第二网络设备将内部地址和安全值中的至少一个映射到表中的外部地址。 从第三网络设备发送到第一网络设备的任何分组被第二网络设备拦截，第二网络设备确定分组的外部地址和安全性值。 如果分组的安全值已分配给第一网络设备，并且分组的外部地址已被第一网络设备指定为有效，则该分组从第二网络设备发送到第一网络设备，使用 分布式网络地址转换具有安全性。 否则，该分组被第二网络设备丢弃。

公开(公告)号：US07574491B2

公开(公告)日：2009-08-11

申请号：US11193602

申请日：2005-07-29

申请人： Lawrence Stein ,  Evan Bigall ,  Russell S Greer ,  Gary Jaszewski ,  Jared Oberhaus

发明人： Lawrence Stein ,  Evan Bigall ,  Russell S Greer ,  Gary Jaszewski ,  Jared Oberhaus

IPC分类号： G06F15/177 ,  G06F15/16 ,  G06F9/445

CPC分类号： H04L41/0869 ,  H04L41/046 ,  H04L41/0806 ,  H04L41/12

摘要： A system and a method for implementing a virtual data center. In which, the functions to be performed by a computer, and the access the computer equipment is required to have to the storage and network facilities, are decoupled from the hardware, and instantiated dynamically on any suitable computer equipment, without any manual intervention. In a virtual data center, all the physical resources are virtualized and arranged dynamically, to meet the functional requirements of the data center.

摘要翻译： 一种用于实现虚拟数据中心的系统和方法。 其中，由计算机执行的功能以及计算机设备对存储和网络设施的访问必须与硬件解耦，并在任何合适的计算机设备上动态实例化，无需任何手动干预。 在虚拟数据中心，所有的物理资源都被动态虚拟化和配置，以满足数据中心的功能需求。

公开(公告)号：US20060126654A1

公开(公告)日：2006-06-15

申请号：US11008441

申请日：2004-12-09

申请人： Chandrasekharan Nilakantan ,  Gary Jaszewski

发明人： Chandrasekharan Nilakantan ,  Gary Jaszewski

IPC分类号： H04L12/28

CPC分类号： H04L43/0811 ,  H04L45/48

摘要： The present invention provides a method and system for managing communication in a data network. The method and system involves monitoring the communication channels at the host level. The hosts are updated with the monitoring information following which they take a coordinated decision in cases of failure of a channel. The data network comprises a plurality of hosts, which are connected to each other through a plurality of channels. A monitor host is elected out of the plurality of hosts to periodically broadcast a system state packet to the plurality of hosts. The system state packet contains information about the state of the plurality of channels and the plurality of hosts for a given channel. Each of the plurality of hosts compares the observed state of channels, as observed by it, with the reported state as reported in the system state packet. In case a host identifies a discrepancy between the observed state and the reported state, it broadcasts a host state packet, updating the monitor host about the observed state. The monitor host, on the basis of the information contained in the host state packet, updates the system state packet and broadcasts the updated system state packet to the plurality of hosts. Based on the updated system state packets, each of the plurality of hosts may select an alternate optimal channel for communication in case a channel fails.

摘要翻译： 本发明提供了一种用于管理数据网络中的通信的方法和系统。 该方法和系统涉及监视主机级的通信信道。 主机随监控信息更新，随后在通道发生故障的情况下对主机进行协调决策。 数据网络包括通过多个信道彼此连接的多个主机。 从多个主机中选出监视器主机，以周期性地向多个主机广播系统状态分组。 系统状态分组包含关于给定信道的多个信道和多个主机的状态的信息。 多个主机中的每个主机将观察到的通道的观察状态与系统状态分组中报告的报告状态进行比较。 如果主机识别观察到的状态和报告状态之间的差异，则它广播主机状态分组，更新监视主机关于观察到的状态。 监视主机基于主机状态包中包含的信息更新系统状态数据包，并将更新的系统状态数据包广播到多个主机。 基于更新的系统状态分组，多个主机中的每一个可以在信道失败的情况下选择用于通信的备选最佳信道。

公开(公告)号：US20070027973A1

公开(公告)日：2007-02-01

申请号：US11193602

申请日：2005-07-29

申请人： Lawrence Stein ,  Evan Bigall ,  Russell Greer ,  Gary Jaszewski ,  Jared Oberhaus

发明人： Lawrence Stein ,  Evan Bigall ,  Russell Greer ,  Gary Jaszewski ,  Jared Oberhaus

IPC分类号： G06F15/173

CPC分类号： H04L41/0869 ,  H04L41/046 ,  H04L41/0806 ,  H04L41/12

摘要： A system and a method for implementing a virtual data center. In which, the functions to be performed by a computer, and the access the computer equipment is required to have to the storage and network facilities, are decoupled from the hardware, and instantiated dynamically on any suitable computer equipment, without any manual intervention. In a virtual data center, all the physical resources are virtualized and arranged dynamically, to meet the functional requirements of the data center.

摘要翻译： 一种用于实现虚拟数据中心的系统和方法。 其中，由计算机执行的功能以及计算机设备对存储和网络设施的访问必须与硬件解耦，并在任何合适的计算机设备上动态实例化，无需任何手动干预。 在虚拟数据中心，所有的物理资源都被动态虚拟化和配置，以满足数据中心的功能需求。

公开(公告)号：US20050091396A1

公开(公告)日：2005-04-28

申请号：US10692667

申请日：2003-10-24

申请人： Chandrasekharan Nilakantan ,  Siva Kumar ,  Andrew Laursen ,  Saroop Mathur ,  Gary Jaszewski ,  Mei-Ying Chan

发明人： Chandrasekharan Nilakantan ,  Siva Kumar ,  Andrew Laursen ,  Saroop Mathur ,  Gary Jaszewski ,  Mei-Ying Chan

IPC分类号： H04L12/56 ,  G06F15/16

CPC分类号： H04L45/44 ,  H04L45/04 ,  H04L45/38 ,  H04L45/42

摘要： Methods and systems for determining paths for flows within a multi-stage network made up of clusters of processing nodes. The flow paths may be determined without knowledge of whether or not packets of a particular flow will actually traverse specific ones of the clusters within the multi-stage network. In various implementations, the nodes of the multi-stage network may be coupled to one or more physical network switches through respective physical interfaces and a virtual connectivity grid superimposed thereon and configured through the use of a flow routing framework and system management framework to group the nodes into a number of clusters. The nodes of each cluster are configured to perform similar packet processing functions and the clusters are interconnected through virtual networks to which the nodes are communicatively coupled via virtual interfaces overlaid on top of the physical network interfaces.

摘要翻译： 用于确定由处理节点簇组成的多级网络内的流的路径的方法和系统。 可以在不知道特定流的分组是否将实际穿过多级网络内的特定群集的情况下确定流路径。 在各种实现中，多级网络的节点可以通过相应的物理接口和叠加在其上的虚拟连接网格耦合到一个或多个物理网络交换机，并且通过使用流路由框架和系统管理框架来配置， 节点成多个簇。 每个集群的节点被配置为执行类似的分组处理功能，并且通过虚拟网络互连该集群，通过虚拟网络将节点通过物理网络接口上的虚拟接口通信耦合到该网络。