摘要:
A system and a method for implementing a virtual data center. In which, the functions to be performed by a computer, and the access the computer equipment is required to have to the storage and network facilities, are decoupled from the hardware, and instantiated dynamically on any suitable computer equipment, without any manual intervention. In a virtual data center, all the physical resources are virtualized and arranged dynamically, to meet the functional requirements of the data center.
摘要:
A system and a method for implementing a virtual data center. In which, the functions to be performed by a computer, and the access the computer equipment is required to have to the storage and network facilities, are decoupled from the hardware, and instantiated dynamically on any suitable computer equipment, without any manual intervention. In a virtual data center, all the physical resources are virtualized and arranged dynamically, to meet the functional requirements of the data center.
摘要:
A method and system for distributed network address translation with security for controlling and limiting the disruption caused by denial of service attacks. The method and system have a first network device and a second network device on a first network, and a third network device on a second network external to the first network, with an established security association between the first network device and the third network device. The first network device specifies an external address of the third network device for the security association to the second network device, which stores the external address in a table. The second network device then maps at least one of an internal address and a security value to the external address in the table. Any packets sent from the third network device to the first network device are intercepted by the second network device, which determines the external address and security value of the packet. If the security value of the packet has been allocated to the first network device, and the external address of the packet has been specified by the first network device as being valid, the packet is sent from the second network device to the first network device using distributed network address translation with security. Otherwise, the packet is discarded by the second network device.
摘要:
The present invention provides a method and system for managing communication in a data network. The method and system involves monitoring the communication channels at the host level. The hosts are updated with the monitoring information following which they take a coordinated decision in cases of failure of a channel. The data network comprises a plurality of hosts, which are connected to each other through a plurality of channels. A monitor host is elected out of the plurality of hosts to periodically broadcast a system state packet to the plurality of hosts. The system state packet contains information about the state of the plurality of channels and the plurality of hosts for a given channel. Each of the plurality of hosts compares the observed state of channels, as observed by it, with the reported state as reported in the system state packet. In case a host identifies a discrepancy between the observed state and the reported state, it broadcasts a host state packet, updating the monitor host about the observed state. The monitor host, on the basis of the information contained in the host state packet, updates the system state packet and broadcasts the updated system state packet to the plurality of hosts. Based on the updated system state packets, each of the plurality of hosts may select an alternate optimal channel for communication in case a channel fails.
摘要:
A method is provided for sending data from a data source executing a network protocol such as the TCP/IP protocol stack, which includes a process for generating headers for packets according to the network protocol. The method includes sending such data on a network through a smart network interface. The network protocol defines a datagram in the data source, including generating a header template and supplying a data payload. The datagram is supplied to the network interface. At the network interface, a plurality of packets of data are generated from the datagram. The plurality of packets include respective headers, such as TCP/IP headers, based on the header template, and include respective segments of the data payload. The network interface supports packets having a pre-specified length, and the data payload is greater than the pre-specified length, such as two to forty times larger or more. Thus, the higher layer processing specifies a very large datagram, which is automatically segmented at the network interface layer, instead of at the TCP layer.
摘要:
An adapter is provided with intelligence that allows it to separate the header parts of a packet being received from the payload it carries, and in most cases move the payload directly into a destination buffer at the application layer or file system layer. Copies by the intermediate layers of the protocol stack are bypassed, reducing the number of times that the payload of a communication must be copied by the host system. At the network interface, a plurality of packets is received, and the payload of each is bypassed directly into the target destination buffer. The network interface device identifies the packets which are in the sequence of packets carrying payload to be stored in the target buffer by the flow specification carried with such packets. Also, the packets carrying data payload for the file include a sequence number or other identifier by which the network interface is able to determine the offset within the target buffer to which the packet is to be stored.
摘要:
Methods and systems for determining paths for flows within a multi-stage network made up of clusters of processing nodes. The flow paths may be determined without knowledge of whether or not packets of a particular flow will actually traverse specific ones of the clusters within the multi-stage network. In various implementations, the nodes of the multi-stage network may be coupled to one or more physical network switches through respective physical interfaces and a virtual connectivity grid superimposed thereon and configured through the use of a flow routing framework and system management framework to group the nodes into a number of clusters. The nodes of each cluster are configured to perform similar packet processing functions and the clusters are interconnected through virtual networks to which the nodes are communicatively coupled via virtual interfaces overlaid on top of the physical network interfaces.
摘要:
An adapter is provided with intelligence that allows it to separate the header parts of a packet being received from the payload it carries, and in most cases move the payload directly into a destination buffer at the application layer or file system layer. Copies by the intermediate layers of the protocol stack are bypassed, reducing the number of times that the payload of a communication must be copied by the host system. At the network interface, a plurality of packets is received, and the payload of each is bypassed directly into the target destination buffer. The network interface device identifies the packets which are in the sequence of packets carrying payload to be stored in the target buffer by the flow specification carried with such packets. Also, the packets carrying data payload for the file include a sequence number or other identifier by which the network interface is able to determine the offset within the target buffer to which the packet is to be stored.