公开(公告)号：US06826186B1

公开(公告)日：2004-11-30

申请号：US09519715

申请日：2000-03-07

申请人： Zubin D. Dittia ,  John Andrew Fingerhut ,  Daniel E. Lenoski

发明人： Zubin D. Dittia ,  John Andrew Fingerhut ,  Daniel E. Lenoski

IPC分类号： H04L1228

CPC分类号： H04L45/00 ,  H04L45/24

摘要： According to the invention, methods and apparatus are disclosed for selecting one of multiple of paths between two points over which to route a data item based on the destination of the data item and the traffic between the two points over the multiple paths. A switching system can use the disclosed methods and apparatus to more efficiently distribute data packets among switching fabrics than currently accomplished by known techniques. In one implementation, distribution cycles have been established for sending data between two points, where each path between the endpoints is used a predetermined number of times (e.g., one, two) within each cycle. To economize the amount of traffic data collected, the multiple paths can be partitioned into subsets for which traffic data is maintained only for the current subset. Additionally, the distribution of traffic between the two points can be further partitioned into traffic of a particular type or priority between the two points.

摘要翻译： 根据本发明，公开了用于选择基于数据项的目的地路由数据项的两个点之间的多个路径中的一个路径和多个路径上的两个点之间的业务的方法和装置。 交换系统可以使用所公开的方法和装置来更有效地分配交换结构中的数据分组，而不是目前通过已知技术实现的数据分组。 在一个实现中，已经建立了分发周期，用于在两个点之间发送数据，其中端点之间的每个路径在每个周期内被使用预定次数（例如，一个，两个）。 为了节约收集的流量数据量，可以将多个路径划分为仅为当前子集维护流量数据的子集。 此外，两点之间的业务分配可以进一步划分为两点之间的特定类型或优先级的业务。

公开(公告)号：US06747972B1

公开(公告)日：2004-06-08

申请号：US09519716

申请日：2000-03-07

申请人： Daniel E. Lenoski ,  William N. Eatherton ,  Zubin D. Dittia ,  John Andrew Fingerhut

发明人： Daniel E. Lenoski ,  William N. Eatherton ,  Zubin D. Dittia ,  John Andrew Fingerhut

IPC分类号： H04L1256

CPC分类号： H04L45/00 ,  H04L45/302 ,  H04L2012/565

摘要： In one implementation, a first set of packet switch sequence numbers is used for end-to-end resequencing of packets within a packet switch, and a second set of interconnection network sequence number is used in the resequencing of packets within an interconnection network of the packet switch. A packet switch sequence number is maintained at each input interface of the packet switch for each output interface, while each output interface maintains a packet switch sequence number for each input interface. A corresponding sequence number is added to packets sent between corresponding input-output interface pairs. Similarly, an interconnection network sequence number is maintained at each input port of an interconnection network for each output port, while each output port maintains an interconnection network sequence number for each input port. A corresponding sequence number is added to packets sent between corresponding input-output port pairs.

摘要翻译： 在一个实现中，第一组分组交换序列号用于分组交换机内的分组的端对端重新排序，并且第二组互连网络序列号被用于重新排序的互连网络内的分组 分组交换机 在每个输出接口的分组交换机的每个输入接口处保持分组交换序列号，而每个输出接口为每个输入接口维护分组交换序列号。 相应的序列号被添加到相应的输入 - 输出接口对之间发送的数据包。 类似地，在每个输出端口的互连网络的每个输入端口处保持互连网络序列号，而每个输出端口为每个输入端口维护互连网络序列号。 相应的序列号被添加到相应的输入 - 输出端口对之间发送的数据包。

公开(公告)号：US06654342B1

公开(公告)日：2003-11-25

申请号：US09521278

申请日：2000-03-07

申请人： Zubin D. Dittia ,  William N. Eatherton ,  John Andrew Fingerhut ,  Michael B. Galles ,  Jonathan S. Turner

发明人： Zubin D. Dittia ,  William N. Eatherton ,  John Andrew Fingerhut ,  Michael B. Galles ,  Jonathan S. Turner

IPC分类号： G01R3108

CPC分类号： H04L12/5602

摘要： Methods and apparatus are disclosed for accumulating and distributing flow control information via update messages and piggybacked flow control information in other messages. One implementation operates using at least two techniques. Using a first technique, for every packet entering the switching system from a line card, the switching system conveys flow control information (typically congestion or both congestion and no-congestion indications) for the packet's destination to the line card. Using a second technique, the switching system will periodically convey congestion and no-congestion indications for all destinations to the line cards. In one implementation, when the first technique is used to provide only congestion indications, the periodic distribution of flow control information using the second technique provides non-congested indications which allows the line cards and their sources to resume or begin sending to the non-congested destinations.

摘要翻译： 公开了用于通过更新消息积累和分发流量控制信息的方法和装置以及其他消息中的捎带流控制信息。 一个实现使用至少两种技术来进行操作。 使用第一种技术，对于从线路卡进入交换系统的每个分组，交换系统将分组目的地的流量控制信息（通常拥塞或两者拥塞和无拥塞指示）传送到线路卡。 使用第二种技术，交换系统将周期性地向线路卡传送所有目的地的拥塞和无拥塞指示。 在一个实现中，当第一技术被用于仅提供拥塞指示时，使用第二技术的流量控制信息的周期性分布提供非拥塞指示，其允许线路卡及其源恢复或开始发送到非拥塞 目的地。

公开(公告)号：US06907041B1

公开(公告)日：2005-06-14

申请号：US09520684

申请日：2000-03-07

申请人： Jonathan S. Turner ,  Zubin D. Dittia ,  John Andrew Fingerhut

发明人： Jonathan S. Turner ,  Zubin D. Dittia ,  John Andrew Fingerhut

IPC分类号： H04L12/28 ,  H04L12/56 ,  H04Q11/00

CPC分类号： H04L49/552 ,  H04L12/5601 ,  H04L45/302 ,  H04L47/50 ,  H04L47/564 ,  H04L49/105 ,  H04L49/1515 ,  H04L49/1553 ,  H04L49/3018 ,  H04L49/3027 ,  H04L2012/565

摘要： Methods and apparatus for forwarding packets in a multistage interconnection network are provided which timestamp packets using a substantially system-wide timing reference and a merge sorting variant to restore packets to the proper order, using the timestamp information carried in the packets. One implementation determines when packets passing along different paths in the network can be safely forwarded, even when no packets have recently been received on some of the paths, by forwarding status messages along otherwise idle paths. The status messages provide information that can be used by downstream components to allow them to determine when packets passing over other paths can safely be forwarded. One implementation simultaneously resequences packets being delivered to all n outputs of the multistage interconnection network. The resequencing operations are distributed among a plurality of switching elements making up the interconnection network.

摘要翻译： 提供了用于在多级互连网络中转发分组的方法和装置，其使用基本上系统的定时参考的时间戳分组和使用分组中携带的时间戳信息将分组恢复到正确顺序的合并排序变体。 一个实施方式是确定何时在网络中沿着不同路径传递的分组可以安全地转发，即使在最近没有在一些路径上接收到分组时，通过沿其他空闲路径转发状态消息。 状态消息提供可由下游组件使用的信息，以允许它们确定何时可以安全地转发其他路径上的数据包。 一个实施方案同时重新分配被传递到多级互连网络的所有n个输出的分组。 重新排序操作分布在组成互连网络的多个交换单元中。

公开(公告)号：US06990063B1

公开(公告)日：2006-01-24

申请号：US09519282

申请日：2000-03-07

申请人： Daniel E. Lenoski ,  William N. Eatherton ,  John Andrew Fingerhut ,  Jonathan S. Turner

发明人： Daniel E. Lenoski ,  William N. Eatherton ,  John Andrew Fingerhut ,  Jonathan S. Turner

IPC分类号： G01R31/08 ,  H04Q11/00

CPC分类号： H04Q3/68 ,  H04L49/1523 ,  H04L49/55

摘要： Methods and apparatus are disclosed for distributing fault indications and maintaining and using a data structure indicating faults to route traffic in a packet switching system. In one embodiment, a packet switching system detects faults and propagates indications of these faults to the input interfaces of a packet switch, so the packet switch can adapt the selection of a route over which to send a particular packet. Faults are identified by various components of the packet switching system and relayed to one or more switching components to generate a broadcast packet destined for all input ports (i.e., to each I/O interface in a packet switch having folded input and output interfaces). Other embodiments, generate one or more multicast or unicast packets. The I/O interface maintains one or more data structures indicating the state of various portions of the packet switching system. In one embodiment, an output availability table is maintained indicating over which path a particular destination may be reached, as well as a link availability vector indicating which output likes of the input interface may be currently used. Using these as masks against possible routes in a fully functional system, the packet switching component (e.g., I/O interface) can identify which routes are currently available for reaching the destination of the received packet. These routes can then be selected between using one of numerous deterministic and non-deterministic methods.

摘要翻译： 公开了用于分发故障指示和维护和使用指示故障的数据结构以在分组交换系统中路由业务的方法和装置。 在一个实施例中，分组交换系统检测故障并将这些故障的指示传播到分组交换机的输入接口，因此分组交换机可以适应对其发送特定分组的路由的选择。 故障由分组交换系统的各种组件识别，并被中继到一个或多个交换组件以产生目的地为所有输入端口（即，具有折叠的输入和输出接口的分组交换机中的每个I / O接口）的广播分组。 其他实施例，生成一个或多个多播或单播分组。 I / O接口保持指示分组交换系统的各个部分的状态的一个或多个数据结构。 在一个实施例中，保持输出可用性表，指示可以到达特定目的地的哪个路径，以及指示可能当前使用输入接口的哪个输出像的链路可用性向量。 使用这些作为针对全功能系统中的可能路由的掩码，分组交换组件（例如，I / O接口）可以识别当前可用于到达所接收分组的目的地的哪些路由。 然后可以使用许多确定性和非确定性方法之一来选择这些路线。

公开(公告)号：US07551617B2

公开(公告)日：2009-06-23

申请号：US11054076

申请日：2005-02-08

申请人： Will Eatherton ,  Earl T. Cohen ,  John Andrew Fingerhut ,  Donald E. Steiss ,  John Williams

发明人： Will Eatherton ,  Earl T. Cohen ,  John Andrew Fingerhut ,  Donald E. Steiss ,  John Williams

IPC分类号： H04L12/56

CPC分类号： H04L47/56 ,  H04L45/60 ,  H04L47/50

摘要： A network processor has numerous novel features including a multi-threaded processor array, a multi-pass processing model, and Global Packet Memory (GPM) with hardware managed packet storage. These unique features allow the network processor to perform high-touch packet processing at high data rates. The packet processor can also be coded using a stack-based high-level programming language, such as C or C++. This allows quicker and higher quality porting of software features into the network processor.Processor performance also does not severely drop off when additional processing features are added. For example, packets can be more intelligently processed by assigning processing elements to different bounded duration arrival processing tasks and variable duration main processing tasks. A recirculation path moves packets between the different arrival and main processing tasks. Other novel hardware features include a hardware architecture that efficiently intermixes co-processor operations with multi-threaded processing operations and improved cache affinity.

摘要翻译： 网络处理器具有许多新颖的特征，包括多线程处理器阵列，多遍处理模型和具有硬件管理分组存储的全局分组存储器（GPM）。 这些独特的功能允许网络处理器以高数据速率执行高触摸数据包处理。 分组处理器也可以使用基于堆栈的高级编程语言（例如C或C ++）进行编码。 这样可以更快速地将软件功能移植到网络处理器中。 当添加额外的处理功能时，处理器性能也不会严重下降。 例如，可以通过将处理元素分配给不同的有界持续时间到达处理任务和可变持续时间主处理任务来更智能地处理分组。 再循环路径在不同的到达和主要处理任务之间移动分组。 其他新颖的硬件功能包括硬件架构，可以将协处理器操作与多线程处理操作高效地混合，并提高缓存关联度。

公开(公告)号：US07480308B1

公开(公告)日：2009-01-20

申请号：US10812207

申请日：2004-03-29

申请人： Earl T. Cohen ,  John Andrew Fingerhut ,  John J. Williams, Jr.

发明人： Earl T. Cohen ,  John Andrew Fingerhut ,  John J. Williams, Jr.

IPC分类号： H04L12/56

CPC分类号： H04L47/10 ,  H04L47/34 ,  H04L49/90 ,  H04L49/9094

摘要： Packets and packets fragments possibly received out of sequence are distributed into an expandable set of queues. For each particular packet or fragment, a queue within a set of queues is identified that does not contain a packet or packet fragment that is subsequent to the particular packet or fragment, and the particular packet or fragment is enqueued therein. If there is not such a queue available, a new queue is added to the set of queues. A data structure is typically updated for packet fragments to identify when all fragments have been received and the order of queues containing the packet fragments in order of their position within the reassembled packet. This ordered list of the queues is communicated to a reassembly mechanism to retrieve the packet fragments and to reassemble the packet. Resequencing of packets is similarly performed, and may be part of the reassembly process. The list of queues is not always used by the reassembly/resequencing mechanism as the enqueued fragments/packets typically contain sequence numbers.

摘要翻译： 可能从序列中接收到的数据包和数据包片段分布到一组可扩展的队列中。 对于每个特定的分组或片段，识别出一组队列内的队列不包含特定分组或片段之后的分组或分组片段，并且特定分组或片段入队。 如果没有这样的队列可用，则将新队列添加到队列集合中。 典型地，对于分组片段来更新数据结构以识别何时已经接收到所有片段，并且包含分组片段的队列的顺序依次是它们在重新组装的分组内的位置。 队列的有序列表被传送到重新组装机制以检索分组片段并重新组合分组。 类似地执行分组的重新排序，并且可以是重新组装过程的一部分。 队列列表并不总是被重新组装/重新排序机制使用，因为入队的片段/包通常包含序列号。

公开(公告)号：US08613088B2

公开(公告)日：2013-12-17

申请号：US11552025

申请日：2006-10-23

申请人： George Varghese ,  Flavio Giovanni Bonomi ,  John Andrew Fingerhut

发明人： George Varghese ,  Flavio Giovanni Bonomi ,  John Andrew Fingerhut

IPC分类号： G06F12/14

CPC分类号： H04L63/1408 ,  H04L63/145

摘要： A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

摘要翻译： 提供了一种检测逃避攻击的方法和系统。 系统可以包括存储器，用于存储一起构成攻击签名的签名片段，拦截与网络连接相关联的数据分组的拦截器，字符串匹配模块，用于确定数据分组的有效载荷是否包括任何存储的签名 片段，从而识别匹配，响应者执行响应于匹配的预防动作;以及检测器，用于检测数据包的大小小于尺寸阈值。 该系统还可以包括状态机，以响应于检测器确定数据分组的大小小于该大小阈值开始维持网络连接的状态。

公开(公告)号：US07626987B2

公开(公告)日：2009-12-01

申请号：US10706704

申请日：2003-11-12

申请人： John J. Williams, Jr. ,  John Andrew Fingerhut ,  Kenneth Harvey Potter, Jr.

发明人： John J. Williams, Jr. ,  John Andrew Fingerhut ,  Kenneth Harvey Potter, Jr.

IPC分类号： H04L12/56

CPC分类号： H04L49/9094 ,  G06F9/526 ,  H04L45/10 ,  H04L47/2416 ,  H04L47/50 ,  H04L47/624 ,  Y10S707/99938

摘要： Sequences of items may be maintained using ordered locks. These items may correspond to anything, but using ordered locks to maintain sequences of packets may be particularly useful. One implementation uses a locking request, acceptance, and release protocol. One implementation associates instructions with locking requests such that when a lock is acquired, the locking mechanism executes or causes to be executed the associated instructions as an acceptance request of the lock is implied by the association of instructions (or may be explicitly requested). In some applications, the ordering of the entire sequence of packets is not required to be preserved, but rather only among certain sub-sequences of the entire sequence of items, which can be accomplished by converting an initial root ordered lock (maintaining the sequence of the entire stream of items) to various other locks (each maintaining a sequence of different sub-streams of items).

摘要翻译： 可以使用有序锁来维护物品的顺序。 这些项目可以对应于任何东西，但是使用有序锁来维护分组的序列可能是特别有用的。 一个实现使用锁定请求，接受和释放协议。 一个实现将指令与锁定请求相关联，使得当获取锁时，锁定机制执行或导致执行相关联的指令，因为锁的接受请求由指令的关联（或可以被明确请求）所暗示。 在一些应用中，整个数据包序列的顺序不需要被保留，而是仅在整个项目序列的某些子序列之中，这可以通过转换初始的根有序锁来实现 整个项目流）到各种其他锁（每个保持一系列不同子项目的子流）。

公开(公告)号：US07630376B2

公开(公告)日：2009-12-08

申请号：US12062477

申请日：2008-04-03

申请人： John J. Williams, Jr. ,  John Andrew Fingerhut ,  Doron Shoham ,  Shimon Listman

发明人： John J. Williams, Jr. ,  John Andrew Fingerhut ,  Doron Shoham ,  Shimon Listman

IPC分类号： H04L12/56

CPC分类号： H04L47/10 ,  H04L45/10 ,  H04L47/34 ,  H04L47/50 ,  H04L47/624 ,  H04L49/9094 ,  Y10S707/99938

摘要： Sequences of items may be maintained using ordered locks. These items may correspond to anything, but using ordered locks to maintain sequences of packets, especially for maintaining requisite packet orderings when distributing packets to be processed to different packet processing engines, may be particularly useful. For example, in response to a particular packet processing engine completing processing of a particular packet, a gather instruction is attached to the particular identifier of a particular ordered lock associated with the particular packet. If no longer needed for further processing, the packet processing engine is immediately released to be able to process another packet or perform another function. The gather instruction is typically performed in response to the particular ordered lock being acquired by the particular identifier, with the gather instruction causing the processed particular packet to be sent.

摘要翻译： 可以使用有序锁来维护物品的顺序。 这些项目可以对应于任何东西，但是使用有序锁来维护分组的序列，特别是当将待处理的分组分发到不同的分组处理引擎时，特别是用于维持必需的分组顺序可能是特别有用的。 例如，响应于特定分组处理引擎完成特定分组的处理，收集指令附加到与特定分组相关联的特定有序锁定的特定标识符。 如果不再需要进一步处理，则分组处理引擎立即被释放以能够处理另一个分组或执行另一个功能。 通常，响应于由特定标识符获取的特定有序锁定执行收集指令，其中采集指令导致经处理的特定分组被发送。