专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07502366B1 Arrangement in a network switch for prioritizing data frames based on user-defined frame attributes 有权
标题翻译：网络交换机中的布置，用于基于用户定义的帧属性对数据帧进行优先级排序
公开(公告)号：US07502366B1
公开(公告)日：2009-03-10
申请号：US09576021
申请日：2000-05-23
申请人： Bahadir Erimli , Gopal S. Krishna , Chandan Egbert , Peter Ka-Fai Chow , Mrudula Kanuri , Shr-Jie Tzeng , Somnath Viswanath , Xiaohua Zhuang
发明人： Bahadir Erimli , Gopal S. Krishna , Chandan Egbert , Peter Ka-Fai Chow , Mrudula Kanuri , Shr-Jie Tzeng , Somnath Viswanath , Xiaohua Zhuang
IPC分类号： H04L12/28
CPC分类号： H04L47/10 , H04L47/13 , H04L47/20
摘要： A network switch includes network switch ports, each including a port filter configured for detecting user-selected attributes from a received layer 2 type data frame. Each port filter, upon detecting a user-selected attribute in a received layer 2 type data frame, sends a signal to a switching module indicating the determined presence of the user-selected attribute, enabling the switching module to generate a switching decision based on the corresponding user-selected attribute and based on a corresponding user-defined switching policy. The switching policy may specify a priority class, or a guaranteed quality of service (e.g., a guaranteed bandwidth), ensuring that the received layer 2 type data frame receives the appropriate switching support. The user-selected attributes for the port filter and the user-defined switching policy for the switching module are programmed by a host processor. Hence, the integrated network switch is able to perform advanced switching operations for layer 2 type data packets to ensure quality of service requirements, independent of priority information specified in the layer 2 type data packets, based on the user-selected attributes in the layer 2 type data packets and the user-defined switching policies established for the switching module.
摘要翻译：网络交换机包括网络交换机端口，每个端口包括被配置为从接收到的层2型数据帧中检测用户选择的属性的端口过滤器。每个端口滤波器在检测到接收到的层2类型数据帧中的用户选择的属性时，向交换模块发送指示所确定的用户选择属性的存在的信号，使切换模块能够基于相应的用户选择的属性并基于相应的用户定义的交换策略。切换策略可以指定优先级等级或保证服务质量（例如，保证带宽），确保接收到的第2层类型的数据帧接收适当的切换支持。用于端口过滤器的用户选择的属性和用于切换模块的用户定义的切换策略由主处理器编程。因此，综合网络交换机能够根据第2层用户选择的属性，对第2层类型的数据包执行高级交换操作，以确保与第2类数据包中指定的优先级信息无关的服务质量要求类型数据包和为交换模块建立的用户定义的交换策略。

2. 发明授权

US06925085B1 Packet classification using hash key signatures generated from interrupted hash function 有权
标题翻译：使用从中断散列函数生成的散列密钥签名的数据包分类
公开(公告)号：US06925085B1
公开(公告)日：2005-08-02
申请号：US09588295
申请日：2000-06-07
申请人： Gopal S. Krishna , Chandan Egbert , Somnath Viswanath
发明人： Gopal S. Krishna , Chandan Egbert , Somnath Viswanath
IPC分类号： H04L12/56 , H04L12/28
CPC分类号： H04L45/745 , H04L49/351 , H04L49/602
摘要： A network switch, configured for performing layer 2 and layer 3 switching in an Ethernet (IEEE 802.3) network without blocking of incoming data packets, includes network switch ports, each including a packet classifier module configured for generating a packet signature based on information within a received data packet and hash action values specified within a user-programmable template. In particular, the network switch stores a plurality of user-programmable templates, each configured for identifying a corresponding class of data packet. Each user-programmable template includes hash action values specifying initiation and termination of a hash function based on a byte offset of a received data packet. The packet classifier module includes a hash generator configured for generating hash values for selected bytes of the received data packet, and a template translator configured for controlling the hash generator for hashing the selected bytes of the received data packet based on the hash action values specified by a corresponding user-programmable template. Hence, a unique hash signature can be generated by supplying a data frame having a prescribed data values at the selected bytes of the user-programmable template; the hash signature can then be stored for comparison with incoming data packets during network switching operations. Hence, data packets can be classified at the wire rate by performing a hash-based search of selected bytes of the received data packet.
摘要翻译：配置用于在以太网（IEEE 802.3）网络中执行层2和层3切换而不阻塞传入数据分组的网络交换机包括网络交换机端口，每个网络交换机端口包括分组分类器模块，其被配置为基于内容中的信息来生成分组签名在用户可编程模板中指定的数据包和散列操作值。特别地，网络交换机存储多个用户可编程模板，每个模板被配置用于识别相应类别的数据分组。每个用户可编程模板包括基于接收到的数据分组的字节偏移来指定哈希函数的启动和终止的哈希动作值。分组分类器模块包括：哈希发生器，其被配置用于生成接收到的数据分组的所选字节的散列值;以及模板转换器，被配置为用于控制散列生成器，用于基于由所接收的数据分组指定的散列动作值对接收到的数据分组的所选字节进行散列相应的用户可编程模板。因此，可以通过在用户可编程模板的所选字节处提供具有规定数据值的数据帧来生成唯一的散列签名; 然后可以存储散列签名以便在网络切换操作期间与输入数据分组进行比较。因此，可以通过对所接收的数据分组的所选字节进行基于散列的搜索，以有线速率对数据分组进行分类。

3. 发明授权

US06839351B1 Parallel packet lookup in a packet-switched network 有权
标题翻译：分组交换网络中的并行数据包查找
公开(公告)号：US06839351B1
公开(公告)日：2005-01-04
申请号：US09818135
申请日：2001-03-28
申请人： Peter Ka-Fai Chow , Bahadir Erimli , Somnath Viswanath , Gopal S. Krishna
发明人： Peter Ka-Fai Chow , Bahadir Erimli , Somnath Viswanath , Gopal S. Krishna
IPC分类号： H04L12/28 , H04L12/44 , H04L12/56
CPC分类号： H04L49/3009 , H04L12/44 , H04L49/354
摘要： A multiport network device includes output ports, internal rules checking logic, a port filter, and input ports. The input ports receive data frames and transfer the data frames to the internal rules checking logic and the port filter. The internal rules checking logic determines the appropriate output ports for the frame. At potentially the same time, the port filter determines priority information for the frame. The port filter informs the internal rules checking logic when it has completed determining the priority information by transmitting an end-of-frame signal to the internal rules checking logic. In response, if the internal rules checking logic has completed determining the output ports for the frame, it assembles a frame descriptor corresponding to the frame and transmits the frame descriptor to the appropriate output port(s).
摘要翻译：多端口网络设备包括输出端口，内部规则检查逻辑，端口过滤器和输入端口。输入端口接收数据帧，并将数据帧传输到内部规则检查逻辑和端口过滤器。内部规则检查逻辑确定帧的适当输出端口。在可能的同时，端口过滤器确定帧的优先级信息。端口过滤器通过将帧内信号发送到内部规则检查逻辑完成确定优先级信息后，通知内部规则检查逻辑。作为响应，如果内部规则检查逻辑已经完成确定帧的输出端口，则它组装与帧相对应的帧描述符，并将帧描述符发送到适当的输出端口。

4. 发明授权

US06963565B1 Apparatus and method for identifying data packet at wire rate on a network switch port 有权
标题翻译：用于在网络交换机端口上以线速识别数据分组的装置和方法
公开(公告)号：US06963565B1
公开(公告)日：2005-11-08
申请号：US09637015
申请日：2000-08-14
申请人： Gopal S. Krishna , Peter Ka-Fai Chow , Shr-Jie Tzeng , Somnath Viswanath
发明人： Gopal S. Krishna , Peter Ka-Fai Chow , Shr-Jie Tzeng , Somnath Viswanath
IPC分类号： H04L12/46 , H04L12/56 , H04L29/06 , H04L12/28
CPC分类号： H04L47/2441 , H04L47/10 , H04L49/3009 , H04L49/351 , H04L49/602 , H04L69/22
摘要： A network switch, configured for performing layer 2 and layer 3 switching in an Ethernet (IEEE 802.3) network without blocking of incoming data packets, includes a network switch port having a filter (i.e., a packet classifier module) configured for evaluating an incoming data packet on an instantaneous basis, immediately upon receipt at the network switch port. The filter performs simultaneous comparisons between the incoming data stream of the data packet and multiple templates configured for identifying respective data protocols. Each template is composed of a plurality of min terms, wherein each min term specifies a prescribed comparison operation within a selected data byte of the incoming data packet. The templates may be programmed by a user and stored in an internal min term memory. Moreover, the multiple simultaneous comparisons enable the network switch to perform layer 3 switching for 100 Mbps and gigabit networks without blocking in the network switch.
摘要翻译：配置用于在以太网（IEEE 802.3）网络中执行层2和层3切换而不阻塞传入数据分组的网络交换机包括网络交换机端口，该网络交换机端口具有被配置为评估输入数据的过滤器（即，分组分类器模块）数据包立即在网络交换机端口上收到。该过滤器执行数据包的输入数据流和配置用于识别相应数据协议的多个模板之间的同时比较。每个模板由多个最小项组成，其中每个最小项指定输入数据分组的所选数据字节内的规定比较操作。模板可以由用户编程并存储在内部最小项存储器中。此外，多次同步比较使得网络交换机能够在网络交换机中对100Mbps和千兆网络执行层3切换而不阻塞。

5. 发明授权

US07099285B1 Remote configuration of a subnet configuration table in a network device 有权
标题翻译：远程配置网络设备中的子网配置表
公开(公告)号：US07099285B1
公开(公告)日：2006-08-29
申请号：US09881019
申请日：2001-06-15
申请人： Mrudula Kanuri , Somnath Viswanath , Gopal S. Krishna
发明人： Mrudula Kanuri , Somnath Viswanath , Gopal S. Krishna
IPC分类号： H04L12/16 , H04L12/28
CPC分类号： H04L49/604 , H04L49/15 , H04L49/3009 , H04L49/351
摘要： A multiport switching device includes a configuration table that stores associations between addresses of subnets directly connected to the switching device and the port number of the multiport switching device that leads to the subnet. A host processor connected to the multiport switching device updates and maintains the configuration table. A remote processor communicates with the switching device through the host processor. To facilitate the communication of the remote processor with the multiport switch, the host processor executes a TCP/IP stack and the multiport switch is assigned a unique IP address.
摘要翻译：多端口切换装置包括存储与切换装置直接连接的子网的地址和通向子网的多端口切换装置的端口号之间的关联的配置表。连接到多端口交换设备的主机处理器更新并维护配置表。远程处理器通过主机处理器与交换设备进行通信。为了方便远程处理器与多端口交换机的通信，主处理器执行TCP / IP堆栈，并为多端口交换机分配唯一的IP地址。

6. 发明授权

US06954427B1 Method and apparatus for performing priority-based admission control 有权
标题翻译：用于执行基于优先级的准入控制的方法和装置
公开(公告)号：US06954427B1
公开(公告)日：2005-10-11
申请号：US09818621
申请日：2001-03-28
申请人： Somnath Viswanath , Gopal S. Krishna , Peter Ka-Fai Chow , Bahadir Erimli
发明人： Somnath Viswanath , Gopal S. Krishna , Peter Ka-Fai Chow , Bahadir Erimli
IPC分类号： H04L12/26 , H04L12/56
CPC分类号： H04L47/10 , H04L47/6215 , H04L49/901 , H04L49/9073
摘要： A network device that controls the communication of data frames between stations includes a memory that stores frame pointers that point to addresses in an external memory. The data frames are stored in the external memory while the network device generates frame forwarding information for the respective data frames. The network device divides the available frame pointers into a number of categories corresponding to priorities associated with the data frames. When a frame is received at the network device, frame processing logic determines the priority of the data frame and checks whether a frame pointer corresponding to that particular priority is available. If no frame pointer corresponding to that priority is available, the multiport switch drops the data frame.
摘要翻译：控制站间数据帧通信的网络设备包括存储指向外部存储器中的地址的帧指针的存储器。数据帧存储在外部存储器中，而网络设备生成各个数据帧的帧转发信息。网络设备将可用帧指针划分成与数据帧相关联的优先级对应的多个类别。当在网络设备处接收到帧时，帧处理逻辑确定数据帧的优先级，并检查对应于该特定优先级的帧指针是否可用。如果没有与该优先级相对应的帧指针可用，则多端口交换机将丢弃数据帧。

7. 发明授权

US06718379B1 System and method for network management of local area networks having non-blocking network switches configured for switching data packets between subnetworks based on management policies 有权
标题翻译：具有非阻塞网络交换机的局域网的网络管理系统和方法，用于基于管理策略在子网间切换数据包
公开(公告)号：US06718379B1
公开(公告)日：2004-04-06
申请号：US09590685
申请日：2000-06-09
申请人： Gopal S. Krishna , Peter Ka-Fai Chow , Somnath Viswanath , Shr-Jie Tzeng , Mrudula Kanuri
发明人： Gopal S. Krishna , Peter Ka-Fai Chow , Somnath Viswanath , Shr-Jie Tzeng , Mrudula Kanuri
IPC分类号： G06F15173
CPC分类号： H04L41/5022 , H04L49/351 , H04L63/102 , H04L63/12
摘要： A centralized policy server sends policy messages, that describe network management policy, to network switches. Each policy message includes a packet attribute that enables a network switch to uniquely identify a received data packet, and either a priority level or network switch action that describes the switching operation to be performed by the network switch. The network switches are configured for implementing the network management policy by storing switching actions for prescribed data packets, and templates that specify frame data parameters for identifying the prescribed data packets. Each network switch, configured for performing layer 2 and layer 3 switching in an Ethernet (IEEE 802.3) network without blocking of incoming data packets, includes in each network switch port a packet classifier module configured for classifying a received data packet based on a template generated based on the policy messages. In particular, the network switch stores a plurality of user-programmable templates, each configured for identifying a corresponding class of data packet.
摘要翻译：集中式策略服务器向网络交换机发送描述网络管理策略的策略消息。每个策略消息包括允许网络交换机唯一地标识接收到的数据分组的分组属性，以及描述要由网络交换机执行的切换操作的优先级或网络交换机动作。网络交换机被配置为通过存储规定数据分组的切换动作来实现网络管理策略，以及指定用于识别规定数据分组的帧数据参数的模板。每个网络交换机被配置为在以太网（IEEE 802.3）网络中执行层2和层3交换而不阻塞传入数据分组，在每个网络交换机端口中包括分组分类器模块，其被配置用于基于生成的模板对接收到的数据分组进行分类根据政策信息。特别地，网络交换机存储多个用户可编程模板，每个模板被配置用于识别相应类别的数据分组。

8. 发明申请

US20100071055A1 Two Parallel Engines for High Speed Transmit IPSEC Processing 审中-公开
标题翻译：两个并行发动机用于高速发射IPSEC处理
公开(公告)号：US20100071055A1
公开(公告)日：2010-03-18
申请号：US12625086
申请日：2009-11-24
申请人： Marufa Kaniz , Jeffrey Dwork , Robert Alan Williams , Mohammmed Y. Maniar , Somnath Viswanath
发明人： Marufa Kaniz , Jeffrey Dwork , Robert Alan Williams , Mohammmed Y. Maniar , Somnath Viswanath
IPC分类号： G06F17/00
CPC分类号： H04L63/0485 , H04L63/164
摘要： The invention relates to a network interface system for interfacing a host system with a network. The network interface system includes a bus interface system, a media access control system, and a security system. The network interface offloads IPsec processing from the host processor. According to the invention, the security system includes two processors for encrypting and authenticating the outgoing data. Outgoing data packets are sent alternately to one or the other processor, whereby transmission processing can be accelerated relative to receive processing.
摘要翻译：本发明涉及一种用于将主机系统与网络进行接口的网络接口系统。网络接口系统包括总线接口系统，媒体访问控制系统和安全系统。网络接口从主机处理器卸载IPsec处理。根据本发明，安全系统包括用于加密和认证输出数据的两个处理器。输出的数据分组被交替地发送到一个或另一个处理器，由此相对于接收处理可以加速传输处理。

9. 发明授权

US07512787B1 Receive IPSEC in-line processing of mutable fields for AH algorithm 有权
标题翻译：接收IPS算法的IPSEC在线处理可变字段
公开(公告)号：US07512787B1
公开(公告)日：2009-03-31
申请号：US10771019
申请日：2004-02-03
申请人： Somnath Viswanath , Mohammad Maniar , Jeffrey Dwork , Robert Alan Williams
发明人： Somnath Viswanath , Mohammad Maniar , Jeffrey Dwork , Robert Alan Williams
IPC分类号： H04L9/00
CPC分类号： H04L63/08 , H04L63/0485 , H04L63/164
摘要： The invention relates to a network interface system for interfacing a host system with a network. The network interface system includes a bus interface system, a media access control system, and a security system. The security system is operative to selectively authenticate incoming and outgoing data. The security system includes a pipeline that masks mutable fields from incoming data prior to authentication.
摘要翻译：本发明涉及一种用于将主机系统与网络进行接口的网络接口系统。网络接口系统包括总线接口系统，媒体访问控制系统和安全系统。安全系统可操作以选择性地验证输入和输出数据。安全系统包括一个流水线，用于在认证之前屏蔽来自输入数据的可变字段。

10. 发明授权

US07818563B1 Method to maximize hardware utilization in flow-thru IPsec processing 有权
标题翻译：最大化通过IPsec处理的硬件利用率的方法
公开(公告)号：US07818563B1
公开(公告)日：2010-10-19
申请号：US10860968
申请日：2004-06-04
申请人： Jeffrey Dwork , Robert Alan Williams , Somnath Viswanath
发明人： Jeffrey Dwork , Robert Alan Williams , Somnath Viswanath
IPC分类号： H04L29/06
CPC分类号： H04L63/06 , H04L63/0485 , H04L63/08 , H04L63/164
摘要： The invention relates to a network interface system for interfacing a host system with a network. The network interface system includes a bus interface system, a media access control system, a memory system, and a security system. The security system is coupled to the memory system and is adapted to selectively perform security processing on incoming and outgoing data. For at least one of receive or transmit processing, the security system comprises one or more encryption pipelines and at least two sets of one or more authentication pipelines. The encryption pipelines are adapted to perform one or more encryption or decryption algorithms. The authentication pipelines are adapted to perform one or more authentication algorithms. The security system is configured to selectively process frames through the encryption pipelines and then through the two sets of authentication pipelines. The system toggles whereby successive frames alternate between the two sets of authentication pipelines.
摘要翻译：本发明涉及一种用于将主机系统与网络进行接口的网络接口系统。网络接口系统包括总线接口系统，媒体接入控制系统，存储系统和安全系统。安全系统耦合到存储器系统，并且适于选择性地对输入和输出数据执行安全处理。对于接收或发送处理中的至少一个，安全系统包括一个或多个加密流水线和至少两组一个或多个认证流水线。加密流水线适于执行一个或多个加密或解密算法。认证流水线适于执行一个或多个认证算法。安全系统被配置为通过加密流水线然后通过两组认证流水线来选择性地处理帧。系统切换，从而连续的帧在两组认证管线之间交替。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式