Abstract:
A method, computer program product, and data processing system for efficiently discovering and storing path MTU information in a sending host are disclosed. In a preferred embodiment, two path MTU tables are maintained. One path MTU table contains MTU values corresponding to the first-hop routers associated with the sending host. The other path MTU table contains MTU values corresponding to individual destination hosts. When the sending host needs to send information to a destination, it first consults the MTU table associated with individual destination hosts. If an entry for that destination host is found in the table, the sending host uses that MTU value. If not, the sending host consults the MTU table for the first-hop router on the path to the destination host and uses that MTU value. If that MTU value is too high, a new entry is made in the host-specific MTU table for the destination host.
Abstract:
An improved method, apparatus, and computer instructions for preventing denial of service attacks on persistent connections. A synchronize packet is received. In response to receiving the synchronize packet, a state of the persistent connection is identified. An action on the synchronize packet is deferred until a subsequent communication with a peer to the persistent connection.
Abstract:
An approach is provided in which a hardware accelerated bridge executing on a network adapter receives an ingress data packet. The data packet includes a destination MAC address that corresponds to a virtual machine, which interfaces to a software bridge executing on a hypervisor. The hardware accelerated bridge identifies a software bridge table entry that includes the destination MAC address and a virtual function identifier, which identifies a virtual function corresponding to the software bridge. In turn, the hardware accelerated bridge sends the data packet from the hardware accelerated bridge to the software bridge through the identified virtual function.
Abstract:
An approach is provided in which a system selects a first virtual function from a plurality of virtual functions executing on a network adapter that includes a memory area. Next, the system allocates, in the memory area, a memory partition corresponding to the first virtual function. The system then stores one or more translation entries in the allocated memory partition, which are utilized to send data traversing through the first virtual function. As such, the system sends, utilizing one or more of the translation entries, the data packets from the network adapter to one or more destinations. In turn, the system dynamically resizes the memory partition based upon an amount of the memory partition that is utilized to store the one or more translation entries.
Abstract:
According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initiating virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.
Abstract:
A method, apparatus and computer instructions for handling intrusions. A tracer packet is sent back to an intruder causing the intrusion in response to receiving notification of an intrusion from a particular node in a network data processing system. Nodes in the network data processing system are notified of the tracer packet. Identification of the node is stored for use in tracing a route of the tracer packet through the data processing system in response to receiving a message from a node indicating receipt of the tracer packet.
Abstract:
An approach is provided in which a discovery system receives a migration request to move a virtual machine that executes on a first system. The discovery system identifies a first network adapter corresponding to the first system, and identifies hardware state data used by the first network adapter to process data packets generated by the virtual machine. In turn, the discovery system identifies a second network adapter that is compatible with a native format of the hardware state data, and migrates the virtual machine to a second system corresponding to the identified second network adapter.
Abstract:
An approach is provided in which a data traffic module executing on a network interface card receives a data packet initiated by a first virtual machine with a destination at a second virtual machine. The data traffic module identifies one or more physical path translations corresponding to a logical connectivity that is independent of physical topology constraints of a physical network. In turn, the data traffic module encapsulates the data packet with the one or more physical path translations and sends the encapsulated data packet to the second virtual machine over the physical network.