NETRONOME SYSTEMS, INC. Patent applications |
Patent application number | Title | Published |
20150317163 | TABLE FETCH PROCESSOR INSTRUCTION USING TABLE NUMBER TO BASE ADDRESS TRANSLATION - A pipelined run-to-completion processor includes no instruction counter and only fetches instructions either: as a result of being prompted from the outside by an input data value and/or an initial fetch information value, or as a result of execution of a fetch instruction. Initially the processor is not clocking. An incoming value kick-starts the processor to start clocking and to fetch a block of instructions from a section of code in a table. The input data value and/or the initial fetch information value determines the section and table from which the block is fetched. A LUT converts a table number in the initial fetch information value into a base address where the table is found. Fetch instructions at the ends of sections of code cause program execution to jump from section to section. A finished instruction causes an output data value to be output and stops clocking of the processor. | 11-05-2015 |
20150317162 | KICK-STARTED RUN-TO-COMPLETION PROCESSING METHOD THAT DOES NOT INVOLVE AN INSTRUCTION COUNTER - A pipelined run-to-completion processor includes no instruction counter and only fetches instructions either: as a result of being prompted from the outside by an input data value and/or an initial fetch information value, or as a result of execution of a fetch instruction. Initially the processor is not clocking. An incoming value kick-starts the processor to start clocking and to fetch a block of instructions from a section of code in a table. The input data value and/or the initial fetch information value determines the section and table from which the block is fetched. A LUT converts a table number in the initial fetch information value into a base address where the table is found. Fetch instructions at the ends of sections of code cause program execution to jump from section to section. A finished instruction causes an output data value to be output and stops clocking of the processor. | 11-05-2015 |
20150317160 | KICK-STARTED RUN-TO-COMPLETION PROCESSOR HAVING NO INSTRUCTION COUNTER - A pipelined run-to-completion processor includes no instruction counter and only fetches instructions either: as a result of being prompted from the outside by an input data value and/or an initial fetch information value, or as a result of execution of a fetch instruction. Initially the processor is not clocking. An incoming value kick-starts the processor to start clocking and to fetch a block of instructions from a section of code in a table. The input data value and/or the initial fetch information value determines the section and table from which the block is fetched. A LUT converts a table number in the initial fetch information value into a base address where the table is found. Fetch instructions at the ends of sections of code cause program execution to jump from section to section. A finished instruction causes an output data value to be output and stops clocking of the processor. | 11-05-2015 |
20150317159 | POP STACK ABSOLUTE INSTRUCTION - A pipelined run-to-completion processor executes a pop stack absolute instruction. The instruction includes an opcode, an absolute pointer value, a flag don't touch bit, and predicate bits. If a condition indicated by the predicate bits is not true, then the opcode operation is not performed. If the condition is true, then the stack of the processor is popped thereby generating an operand A. The absolute pointer value is used to identify a particular register of the stack, and the content of that particular register is an operand B. The arithmetic logic operation specified by the opcode is performed using operand A and operand B thereby generating a result, and the content of the particular register is replaced with the result. If the flag don't touch bit is set to a particular value, then the flag bits (carry flag and zero flag) are not affected by execution of the instruction. | 11-05-2015 |
20150293792 | PICOENGINE MULTI-PROCESSOR WITH TASK ASSIGNMENT - A general purpose PicoEngine Multi-Processor (PEMP) includes a hierarchically organized pool of small specialized picoengine processors and associated memories. A stream of data input values is received onto the PEMP. Each input data value is characterized, and from the characterization a task is determined. Picoengines are selected in a sequence. When the next picoengine in the sequence is available, it is then given the input data value along with an associated task assignment. The picoengine then performs the task. An output picoengine selector selects picoengines in the same sequence. If the next picoengine indicates that it has completed its assigned task, then the output value from the selected picoengine is output from the PEMP. By changing the sequence used, more or less of the processing power and memory resources of the pool is brought to bear on the incoming data stream. The PEMP automatically disables unused picoengines and memories. | 10-15-2015 |
20150293578 | PICOENGINE MULTI-PROCESSOR WITH POWER CONTROL MANAGEMENT - A general purpose PicoEngine Multi-Processor (PEMP) includes a hierarchically organized pool of small specialized picoengine processors and associated memories. A stream of data input values is received onto the PEMP. Each input data value is characterized, and from the characterization a task is determined. Picoengines are selected in a sequence. When the next picoengine in the sequence is available, it is then given the input data value along with an associated task assignment. The picoengine then performs the task. An output picoengine selector selects picoengines in the same sequence. If the next picoengine indicates that it has completed its assigned task, then the output value from the selected picoengine is output from the PEMP. By changing the sequence used, more or less of the processing power and memory resources of the pool is brought to bear on the incoming data stream. The PEMP automatically disables unused picoengines and memories. | 10-15-2015 |
20150277924 | CHAINED-INSTRUCTION DISPATCHER - A dispatcher circuit receives sets of instructions from an instructing entity. Instructions of the set of a first type are put into a first queue circuit, instructions of the set of a second type are put into a second queue circuit, and so forth. The first queue circuit dispatches instructions of the first type to one or more processing engines and records when the instructions of the set are completed. When all the instructions of the set of the first type have been completed, then the first queue circuit sends the second queue circuit a go signal, which causes the second queue circuit to dispatch instructions of the second type and to record when they have been completed. This process proceeds from queue circuit to queue circuit. When all the instructions of the set have been completed, then the dispatcher circuit returns an “instructions done” to the original instructing entity. | 10-01-2015 |
20150263967 | INSTANTANEOUS RANDOM EARLY DETECTION PACKET DROPPING - A device that receives a packet descriptor and a queue number that indicates a queue stored within a memory unit, and in response determines an instantaneous queue depth of the queue. The instantaneous queue depth is used to determine a drop probability. The drop probability is used to randomly determine if the packet descriptor should be stored in the queue. The queue has a first queue depth range and a second queue depth range that do not overlap. A first drop probability is associated with the first queue depth range and a second drop probability is associated with the second queue depth range. The first drop probability is used when the queue depth is within the first queue depth range. The second drop probability is used with the queue depth is within the second queue depth range. The device includes a random value generator and a drop indicator generator. | 09-17-2015 |
20150237180 | GUARANTEED IN-ORDER PACKET DELIVERY - Circuitry to provide in-order packet delivery. A packet descriptor including a sequence number is received. It is determined in which of three ranges the sequence number resides. Depending, at least in part, on the range in which the sequence number resides it is determined if the packet descriptor is to be communicated to a scheduler which causes an associated packet to be transmitted. If the sequence number resides in a first “flush” range, all associated packet descriptors are output. If the sequence number resides in a second “send” range, only the received packet descriptor is output. If the sequence number resides in a third “store and reorder” range and the sequence number is the next in-order sequence number the packet descriptor is output; if the sequence number is not the next in-order sequence number the packet descriptor is stored in a buffer and a corresponding valid bit is set. | 08-20-2015 |
20150222513 | NETWORK INTERFACE DEVICE THAT ALERTS A MONITORING PROCESSOR IF CONFIGURATION OF A VIRTUAL NID IS CHANGED - A Network Interface Device (NID) of a web hosting server implements multiple virtual NIDs. For each virtual NID there is a block in a memory of a transactional memory on the NID. This block stores configuration information that configures the corresponding virtual NID. The NID also has a single managing processor that monitors configuration of the plurality of virtual NIDs. If there is a write into the memory space where the configuration information for the virtual NIDs is stored, then the transactional memory detects this write and in response sends an alert to the managing processor. The size and location of the memory space in the memory for which write alerts are to be generated is programmable. The content and destination of the alert is also programmable. | 08-06-2015 |
20150220449 | NETWORK INTERFACE DEVICE THAT MAPS HOST BUS WRITES OF CONFIGURATION INFORMATION FOR VIRTUAL NIDS INTO A SMALL TRANSACTIONAL MEMORY - A Network Interface Device (NID) of a web hosting server implements multiple virtual NIDs. A virtual NID is configured by configuration information in an appropriate one of a set of smaller blocks in a high-speed memory on the NID. There is a smaller block for each virtual NID. A virtual machine on the host can configure its virtual NID by writing configuration information into a larger block in PCIe address space. Circuitry on the NID detects that the PCIe write is into address space occupied by the larger blocks. If the write is into this space, then address translation circuitry converts the PCIe address into a smaller address that maps to the appropriate one of the smaller blocks associated with the virtual NID to be configured. If the PCIe write is detected not to be an access of a larger block, then the NID does not perform the address translation. | 08-06-2015 |
20150220446 | TRANSACTIONAL MEMORY THAT IS PROGRAMMABLE TO OUTPUT AN ALERT IF A PREDETERMINED MEMORY WRITE OCCURS - A transactional memory receives a command, where the command includes an address and a novel GAA (Generate Alert On Action) bit. If the GAA bit is set and if the transactional memory is enabled to generate alerts and if the command is a write into a memory of the transactional memory, then the transactional memory outputs an alert in accordance with preconfigured parameters. For example, the alert may be preconfigured to carry a value or key usable by the recipient of the alert to determine the reason for the alert. The alert may be set up to include the address of the memory location in the transactional memory that was written. The transactional memory may be set up to send the alert to a predetermined destination. The outputting of the alert may be a writing of information into a predetermined destination, or may be an outputting of an interrupt signal. | 08-06-2015 |
20150220445 | TRANSACTIONAL MEMORY THAT PERFORMS A PROGRAMMABLE ADDRESS TRANSLATION IF A DAT BIT IN A TRANSACTIONAL MEMORY WRITE COMMAND IS SET - A transactional memory receives a command, where the command includes an address and a novel DAT (Do Address Translation) bit. If the DAT bit is set and if the transactional memory is enabled to do address translations and if the command is for an access (read or write) of a memory of the transactional memory, then the transactional memory performs an address translation operation on the address of the command. Parameters of the address translation are programmable and are set up before the command is received. In one configuration, certain bits of the incoming address are deleted, and other bits are shifted in bit position, and a base address is ORed in, and a padding bit is added, thereby generating the translated address. The resulting translated address is then used to access the memory of the transactional memory to carry out the command. | 08-06-2015 |
20150194215 | DEDICATED EGRESS FAST PATH FOR NON-MATCHING PACKETS IN AN OPENFLOW SWITCH - A first packet of a flow received onto an OpenFlow switch causes a flow entry to be added to a flow table, but the associated action is to perform a TCAM lookup. A request is sent to an OpenFlow controller. A response OpenFlow message indicates an action. The response passes through a special dedicated egress fast-path such that the action is applied and the first packet is injected into the main data output path of the switch. A TCAM entry is also added that indicates the action. A second packet of the flow is then received and a flow table lookup causes a TCAM lookup, which indicates the action. The action is applied to the second packet, the packet is output from the switch, and the lookup table is updated so the flow entry will thereafter directly indicate the action. Subsequent packets of the flow do not involve TCAM lookups. | 07-09-2015 |
20150193681 | NFA COMPLETION NOTIFICATION - An automaton hardware engine employs a transition table organized into 2 | 07-09-2015 |
20150193484 | COMMAND-DRIVEN NFA HARDWARE ENGINE THAT ENCODES MULTIPLE AUTOMATONS - An automaton hardware engine employs a transition table organized into 2 | 07-09-2015 |
20150193483 | AUTOMATON HARDWARE ENGINE EMPLOYING MEMORY-EFFICIENT TRANSITION TABLE INDEXING - An automaton hardware engine employs a transition table organized into 2 | 07-09-2015 |
20150193374 | NFA BYTE DETECTOR - An automaton hardware engine employs a transition table organized into 2 | 07-09-2015 |
20150193266 | TRANSACTIONAL MEMORY HAVING LOCAL CAM AND NFA RESOURCES - An automaton hardware engine employs a transition table organized into 2 | 07-09-2015 |
20150128119 | RESOURCE ALLOCATION WITH HIERARCHICAL SCOPE - A source code symbol can be declared to have a scope level indicative of a level in a hierarchy of scope levels, where the scope level indicates a circuit level or a sub-circuit level in the hierarchy. A novel instruction to the linker can define the symbol to be of a desired scope level. Location information indicates where different amounts of the object code are to be loaded into a system. A novel linker program uses the location information, along with the scope level information of the symbol, to uniquify instances of the symbol if necessary to resolve name collisions of symbols having the same scope. After the symbol uniquification step, the linker performs resource allocation. A resource instance is allocated to each symbol. The linker then replaces each instance of the symbol in the object code with the address of the allocated resource instance, thereby generating executable code. | 05-07-2015 |
20150128118 | HIERARCHICAL RESOURCE POOLS IN A LINKER - A novel declare instruction can be used in source code to declare a sub-pool of resource instances to be taken from the resource instances of a larger declared pool. Using such declare instructions, a hierarchy of pools and sub-pools can be declared. A novel allocate instruction can then be used in the source code to instruct a novel linker to make resource instance allocations from a desired pool or a desired sub-pool of the hierarchy. After compilation, the declare and allocate instructions appear in the object code. The linker uses the declare and allocate instructions in the object code to set up the hierarchy of pools and to make the indicated allocations of resource instances to symbols. After resource allocation, the linker replaces instances of a symbol in the object code with the address of the allocated resource instance, thereby generating executable code. | 05-07-2015 |
20150128117 | LINKER THAT STATICALLY ALLOCATES NON-MEMORY RESOURCES AT LINK TIME - A novel linker statically allocates resource instances of a non-memory resource at link time. In one example, a novel declare instruction in source code declares a pool of resource instances, where the resource instances are instances of the non-memory resource. A novel allocate instruction is then used to instruct the linker to allocate a resource instance from the pool to be associated with a symbol. Thereafter the symbol is usable in the source code to refer to an instance of the non-memory resource. At link time the linker allocates an instance of the non-memory resource to the symbol and then replaces each instance of the symbol with an address of the non-memory resource instance, thereby generating executable code. Examples of instances of non-memory resources include ring circuits and event filter circuits. | 05-07-2015 |
20150128113 | ALLOCATE INSTRUCTION AND API CALL THAT CONTAIN A SYBMOL FOR A NON-MEMORY RESOURCE - A novel allocate instruction and a novel API call are received onto a compiler. The allocate instruction includes a symbol that identifies a non-memory resource instance. The API call is a call to perform an operation on a non-memory resource instance, where the particular instance is indicated by the symbol in the API call. The compiler replaces the API call with a set of API instructions. A linker then allocates a value to be associated with the symbol, where the allocated value is one of a plurality of values, and where each value corresponds to a respective one of the non-memory resource instances. After allocation, the linker generates an amount of executable code, where the API instructions in the code: 1) are for using the allocated value to generate an address of a register in the appropriate non-memory resource instance, and 2) are for accessing the register. | 05-07-2015 |
20150127864 | HARDWARE FIRST COME FIRST SERVE ARBITER USING MULTIPLE REQUEST BUCKETS - A First Come First Server (FCFS) arbiter that receives a request to utilize a shared resource from a plurality of devices and in response generates a grant value indicating if the request is granted. The FCFS arbiter includes a circuit and a storage device. The circuit receives a first request and a grant enable during a first clock cycle and outputs a grant value. The grant enable is received from a shared resource. The grant value communicated to the source of the first request. The storage device includes a plurality of request buckets. The first request is stored in a first request bucket when the first request is not granted during the first clock cycle and is moved from the first request bucket to a second request bucket when the first request is not granted during a second clock cycle. A granted request is cleared from all request buckets. | 05-07-2015 |
20150089242 | ENTROPY STORAGE RING HAVING STAGES WITH FEEDBACK INPUTS - An entropy storage ring includes an input node, a plurality of serial-connected stages, and an output node. Each stage includes an XOR (or XNOR) circuit, a delay element having an input coupled to the XOR output, and a combinatorial circuit having an output coupled to a second input of the XOR. The combinatorial circuit may be a NAND, NOR, AND or OR gate. A first input of the XOR is the data input of the stage. The output of the delay element is the data output of the stage. A first input of the combinatorial circuit is coupled to receive an enable bit from a configuration register. A second input of the combinatorial circuit is coupled to the ring output node. In operation, a bit stream is supplied onto the ring input node. Feedback of multiple stages are enabled so that the bit stream undergoes complex permutation as it circulates. | 03-26-2015 |
20150089165 | TRANSACTIONAL MEMORY THAT SUPPORTS A GET FROM ONE OF A SET OF RINGS COMMAND - A transactional memory (TM) includes a control circuit pipeline and an associated memory unit. The memory unit stores a plurality of rings. The pipeline maintains, for each ring, a head pointer and a tail pointer. A ring operation stage of the pipeline maintains the pointers as values are put onto and are taken off the rings. A put command causes the TM to put a value into a ring, provided the ring is not full. A get command causes the TM to take a value off a ring, provided the ring is not empty. A put with low priority command causes the TM to put a value into a ring, provided the ring has at least a predetermined amount of free buffer space. A get from a set of rings command causes the TM to get a value from the highest priority non-empty ring (of a specified set of rings). | 03-26-2015 |
20150089096 | TRANSACTIONAL MEMORY THAT SUPPORTS A PUT WITH LOW PRIORITY RING COMMAND - A transactional memory (TM) includes a control circuit pipeline and an associated memory unit. The memory unit stores a plurality of rings. The pipeline maintains, for each ring, a head pointer and a tail pointer. A ring operation stage of the pipeline maintains the pointers as values are put onto and are taken off the rings. A put command causes the TM to put a value into a ring, provided the ring is not full. A get command causes the TM to take a value off a ring, provided the ring is not empty. A put with low priority command causes the TM to put a value into a ring, provided the ring has at least a predetermined amount of free buffer space. A get from a set of rings command causes the TM to get a value from the highest priority non-empty ring (of a specified set of rings). | 03-26-2015 |
20150089095 | TRANSACTIONAL MEMORY THAT SUPPORTS PUT AND GET RING COMMANDS - A transactional memory (TM) includes a control circuit pipeline and an associated memory unit. The memory unit stores a plurality of rings. The pipeline maintains, for each ring, a head pointer and a tail pointer. A ring operation stage of the pipeline maintains the pointers as values are put onto and are taken off the rings. A put command causes the TM to put a value into a ring, provided the ring is not full. A get command causes the TM to take a value off a ring, provided the ring is not empty. A put with low priority command causes the TM to put a value into a ring, provided the ring has at least a predetermined amount of free buffer space. A get from a set of rings command causes the TM to get a value from the highest priority non-empty ring (of a specified set of rings). | 03-26-2015 |
20150088950 | STORING AN ENTROPY SIGNAL FROM A SELF-TIMED LOGIC BIT STREAM GENERATOR IN AN ENTROPY STORAGE RING - A Self-Timed Logic Entropy Bit Stream Generator (STLEBSG) outputs a bit stream having non-deterministic entropy. The bit stream is supplied onto an input of a signal storage ring so that entropy of the bit stream is then stored in the ring as the bit stream circulates in the ring. Depending on the configuration of the ring, the bit stream as it circulates undergoes permutations, but the signal storage ring nonetheless stores the entropy of the injected bit stream. In one example, the STLEBSG is disabled and the bit stream is no longer supplied to the ring, but the ring continues to circulate and stores entropy of the original bit stream. With the STLEBSG disabled, a signal output from the ring is used to generate one or more random numbers. | 03-26-2015 |
20150088949 | SELF-TIMED LOGIC BIT STREAM GENERATOR WITH COMMAND TO RUN FOR A NUMBER OF STATE TRANSITIONS - A bit stream having non-deterministic entropy is generated by a Self-Timed Logic Entropy Bit Stream Generator (STLEBSG). The STLEBSG includes an incrementer and a linear feedback shift register (LFSR), both implemented in self-timed logic as parts of an asynchronous state machine. In response to a command, the incrementer asynchronously increments a number of times and then stops, where the number of times is determined by command. For each increment of the incrementer, the LFSR undergoes a state transition. As the incrementer increments, the LFSR outputs the bit stream. If the command is a run repeatedly command, then after the incrementer stops the incrementer is reinitialized and then again increments the number of times. This incrementing, stopping, reinitializing, and incrementing process is repeated indefinitely. Another command causes the incrementer to be loaded. Another command causes the LFSR to be loaded. | 03-26-2015 |
20150058551 | PICO ENGINE POOL TRANSACTIONAL MEMORY ARCHITECTURE - A transactional memory (TM) includes a selectable bank of hardware algorithm prework engines, a selectable bank of hardware lookup engines, and a memory unit. The memory unit stores result values (RVs), instructions, and lookup data operands. The transactional memory receives a lookup command across a bus from one of a plurality of processors. The lookup command includes a source identification value, data, a table number value, and a table set value. In response to the lookup command, the transactional memory selects one hardware algorithm prework engine and one hardware lookup engine to perform the lookup operation. The selected hardware algorithm prework engine modifies data included in the lookup command. The selected hardware lookup engine performs a lookup operation using the modified data and lookup operands provided by the memory unit. In response to performing the lookup operation, the transactional memory returns a result value and optionally an instruction. | 02-26-2015 |
20150054547 | HARDWARE PREFIX REDUCTION CIRCUIT - A hardware prefix reduction circuit includes a plurality of levels. Each level includes an input conductor, an output conductor, and a plurality of nodes. Each node includes a buffer and a storage device that stores a digital logic level. One node further includes an inverter. Another node further includes an AND gate with two non-inverting inputs. Another node further includes an AND gate with an inverting input and a non-inverting input. One bit of an input value, such as an internet protocol address, is communicated on the input conductor. The first level of the prefix reduction circuit includes two nodes and each subsequent level includes twice as many nodes as is included in the preceding level. A digital logic level is individually programmed into each storage device. The digital logic levels stored in the storage devices determines the prefix reduction algorithm implemented by the hardware prefix reduction circuit. | 02-26-2015 |
20140330991 | EFFICIENT COMPLEX NETWORK TRAFFIC MANAGEMENT IN A NON-UNIFORM MEMORY SYSTEM - A network appliance includes a first processor, a second processor, a first storage device, and a second storage device. A first status information is stored in the first storage device. The first processor is coupled to the first storage device. A queue of data is stored in the second storage device. The first status information indicates if traffic data stored in the queue of data is permitted to be transmitted. The second processor is coupled to the second storage device. The first processor communicates with the second processor. The traffic data includes packet information. The first storage device is a high speed memory only accessible to the first processor. The second storage device is a high capacity memory accessible to multiple processors. The first status information is a permitted bit that indicates if the traffic data within the queue of data is permitted to be transmitted. | 11-06-2014 |
20140258644 | TRANSACTIONAL MEMORY THAT PERFORMS AN ATOMIC METERING COMMAND - A transactional memory (TM) receives an Atomic Metering Command (AMC) across a bus from a processor. The command includes a memory address and a meter pair indicator value. In response to the AMC, the TM pulls an input value (IV). The TM uses the memory address to read a word including multiple credit values from a memory unit. Circuitry within the TM selects a pair of credit values, subtracts the IV from each of the pair of credit values thereby generating a pair of decremented credit values, compares the pair of decremented credit values with a threshold value, respectively, thereby generating a pair of indicator values, performs a lookup based upon the pair of indicator values and the meter pair indicator value, and outputs a selector value and a result value that represents a meter color. The selector value determines the credit values written back to the memory unit. | 09-11-2014 |
20140236873 | PACKET PREDICTION IN A MULTI-PROTOCOL LABEL SWITCHING NETWORK USING OPERATION, ADMINISTRATION, AND MAINTENANCE (OAM) MESSAGING - A first switch in a MPLS network receives a plurality of packets that are part of a pair of flows. The first switch performs a packet prediction learning algorithm on the first plurality of packets and generates packet prediction information that is communicated to a second switch within the MPLS network utilizing an Operations, Administration, and Maintenance (OAM) packet (message). In a first example, the first switch communicates a packet prediction information notification to a Network Operations Center (NOC) that in response communicates a packet prediction control signal to the second switch. In a second example, the first switch does not communicate a packet prediction information notification. In the first example, the second switch utilizes the packet prediction control signal to determine if the packet prediction information is to be utilized. In the second example, second switch independently determines if the packet prediction information is to be used. | 08-21-2014 |
20140233394 | PACKET PREDICTION IN A MULTI-PROTOCOL LABEL SWITCHING NETWORK USING OPENFLOW MESSAGING - A first switch in a MPLS network receives a plurality of packets. The plurality of packets are part of a pair of flows. The first switch performs a packet prediction learning algorithm on the first plurality of packets and generates packet prediction information. The first switch communicates the packet prediction information to a Network Operation Center (NOC). In response, the NOC communicates the packet prediction information to a second switch within the MPLS network utilizing OpenFlow messaging. In a first example, the NOC communicates a packet prediction control signal to the second switch. In a second example, a packet prediction control signal is not communicated. In the first example, based on the packet prediction control signal, the second switch determines if it will utilize the packet prediction information. In the second example, the second switch independently determines if the packet prediction information is to be used. | 08-21-2014 |
20140201734 | COMPARTMENTALIZATION OF THE USER NETWORK INTERFACE TO A DEVICE - A device has physical network interface port through which a user can monitor and configure the device. A backend process and a virtual machine (VM) execute on a host operating system (OS). A front end user interface process executes on the VM, and is therefore compartmentalized in the VM. There is no front end user interface executing on the host OS outside the VM. The only management access channel into the device is via a first communication path through the physical network interface port, to the VM, up the VM's stack, and to the front end process. If the backend process is to be instructed to take an action, then the front end process forwards an application layer instruction to the backend process via a second communication path. The instruction passes down the VM stack, across a virtual secure network link, up the host stack, and to the backend process. | 07-17-2014 |
20140201728 | SOFTWARE UPDATE METHODOLOGY - Software update information is communicated to a network appliance either across a network or from a local memory device. The software update information includes kernel data, application data, or indicator data. The network appliance includes a first storage device, a second storage device, an operating memory, a central processing unit (CPU), and a network adapter. First and second storage devices are persistent storage devices. In a first example, both kernel data and application data are updated in the network appliance in response to receiving the software update information. In a second example, only the kernel data is updated in the network appliance in response to receiving the software update information. In a third example, only the application data is updated in the network appliance in response to receiving the software update information. Indicator data included in the software update information determines the data to be updated in the network appliance. | 07-17-2014 |
20140195797 | EFFICIENT FORWARDING OF ENCRYPTED TCP RETRANSMISSIONS - A network device receives TCP segments of a flow via a first SSL session and transmits TCP segments via a second SSL session. Once a TCP segment has been transmitted, the TCP payload need no longer be stored on the network device. Substantial memory resources are conserved, because the device may have to handle many retransmit TCP segments at a given time. If the device receives a retransmit segment, then the device regenerates the retransmit segment to be transmitted. A data structure of entries is stored, with each entry including a decrypt state and an encrypt state for an associated SSL byte position. The device uses the decrypt state to initialize a decrypt engine, decrypts an SSL payload of the retransmit TCP segment received, uses the encrypt state to initialize an encrypt engine, re-encrypts the SSL payload, and then incorporates the re-encrypted SSL payload into the regenerated retransmit TCP segment. | 07-10-2014 |
20140189093 | EFFICIENT INTERCEPT OF CONNECTION-BASED TRANSPORT LAYER CONNECTIONS - A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client the proxy and a second TCP control loop manages flow between the proxy and the server. Due to the two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified. | 07-03-2014 |
20140153571 | FLOW KEY LOOKUP INVOLVING MULTIPLE SIMULTANEOUS CAM OPERATIONS TO IDENTIFY HASH VALUES IN A HASH BUCKET - A flow key is determined from an incoming packet. Two hash values A and B are then generated from the flow key. Hash value A is an index into a hash table to identify a hash bucket. Multiple simultaneous CAM lookup operations are performed on fields of the bucket to determine which ones of the fields store hash value B. For each populated field there is a corresponding entry in a key table and in other tables. The key table entry corresponding to each field that stores hash value B is checked to determine if that key table entry stores the original flow key. When the key table entry that stores the original flow key is identified, then the corresponding entries in the other tables are determined to be a “lookup output information value”. This value indicates how the packet is to be handled/forwarded by the network appliance. | 06-05-2014 |
20140136814 | TRANSACTIONAL MEMORY THAT PERFORMS A SPLIT 32-BIT LOOKUP OPERATION - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a memory address, a starting bit position, and a mask size. In response to the command, the TM pulls an input value (IV). The memory address is used to read a word containing multiple result values (RVs) and multiple threshold values (TVs) from memory. A selecting circuit within the TM uses the starting bit position and mask size to select a portion of the IV. The portion of the IV is a lookup key value (LKV). The multiple TVs define multiple lookup key ranges. The TM determines which lookup key range includes the LKV. A RV is selected based upon the lookup key range determined to include the LKV. The lookup key range is determined by a lookup key range identifier circuit. The selected RV is selected by a result value selection circuit. | 05-15-2014 |
20140136813 | TRANSACTIONAL MEMORY THAT PERFORMS A TCAM 32-BIT LOOKUP OPERATION - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a memory address. In response to the command, the TM pulls an input value (IV). The memory address is used to read a word containing multiple result values (RVs), multiple reference values, and multiple mask values from memory. A selecting circuit within the TM uses a starting bit position and a mask size to select a portion of the IV. The portion of the IV is a lookup key value (LKV). The LKV is masked by each mask value thereby generating multiple masked values. Each masked value is compared to a reference value thereby generating multiple comparison values. A lookup table generates a selector value based upon the comparison values. A result value is selected based on the selector value. The selected result value is then communicated to the processor via the bus. | 05-15-2014 |
20140136812 | TRANSACTIONAL MEMORY THAT PERFORMS AN ALUT 32-BIT LOOKUP OPERATION - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a memory address, a starting bit position, and a mask size. In response to the command, the TM pulls an input value (IV). The memory address is used to read a word containing multiple result values (RVs) and multiple key values from memory. Each key value is indicates a single RV to be output by the TM. A selecting circuit within the TM uses the starting bit position and mask size to select a portion of the IV. The portion of the IV is a key selector value. A key value is selected based upon the key selector value. A RV is selected based upon the key value. The key value is selected by a key selection circuit. The RV is selected by a result value selection circuit. | 05-15-2014 |
20140136798 | TRANSACTIONAL MEMORY THAT PERFORMS A PMM 32-BIT LOOKUP OPERATION - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a memory address. In response to the command, the TM pulls an input value (IV). The memory address is used to read a word containing multiple result values (RVs), multiple reference values, and multiple prefix values from memory. A selecting circuit within the TM uses a starting bit position and a mask size to select a portion of the IV. The portion of the IV is a lookup key value (LKV). Mask values are generated based on the prefix values. The LKV is masked by each mask value thereby generating multiple masked values that are compared to the reference values. Based on the comparison a lookup table generates a selector value that is used to select a result value. The selected result value is then communicated to the processor via the bus. | 05-15-2014 |
20140136683 | INTER-PACKET INTERVAL PREDICTION OPERATING ALGORITHM - An appliance receives packets that are part of a flow pair, each packet sharing an application protocol. The appliance determines an estimated application protocol of the packets without performing deep packet inspection on any packets. The estimated application protocol may be determined by using an application protocol estimation table. The appliance then predicts the inter-packet interval between a packet previously received by the appliance and a next packet not yet received by the appliance. The inter-packet interval may be determined by using an inter-packet interval prediction table. The appliance then preloads packet flow data in a cache before the next packet is predicted to arrive at the appliance. Upon receiving the next packet, the packet flow data is preloaded in the cache. This reduces packet processing time by removing waiting periods previously required to cache packet flow data from an external memory after receiving the next packet. | 05-15-2014 |
20140133320 | INTER-PACKET INTERVAL PREDICTION LEARNING ALGORITHM - An appliance receives packets that are part of a flow pair, each packet sharing an application protocol. The appliance determines the application protocol of the packets by performing deep packet inspection (DPI) on the packets. Packet sizes are measured and converted into packet size states. Packet size states, packet sequence numbers, and packet flow directions are used to create an application protocol estimation table (APET). The APET is used during normal operation to estimate the application protocol of a flow pair without performing time consuming DPI. The appliance then determines inter-packet intervals between received packets. The inter-packet intervals are converted into inter-packet interval states. The inter-packet interval states and packet sequence numbers are used to create an inter-packet interval prediction table. The appliance then stores an inter-packet interval prediction table for each application protocol. The inter-packet interval prediction table is used during operation to predict the inter-packet interval between packets. | 05-15-2014 |
20140126367 | NETWORK APPLIANCE THAT DETERMINES WHAT PROCESSOR TO SEND A FUTURE PACKET TO BASED ON A PREDICTED FUTURE ARRIVAL TIME - A network appliance includes a network processor and several processing units. Packets a flow pair are received onto the network appliance. Without performing deep packet inspection on any packet of the flow pair, the network processor analyzes the flows, estimates therefrom the application protocol used, and determines a predicted future time when the next packet will likely be received. The network processor determines to send the next packet to a selected one of the processing units based in part on the predicted future time. In some cases, the network processor causes a cache of the selected processing unit to be preloaded shortly before the predicted future time. When the next packet is actually received, the packet is directed to the selected processing unit. In this way, packets are directed to processing units within the network appliance based on predicted future packet arrival times without the use of deep packet inspection. | 05-08-2014 |
20140075147 | TRANSACTIONAL MEMORY THAT PERFORMS AN ATOMIC LOOK-UP, ADD AND LOCK OPERATION - A transactional memory (TM) receives an Atomic Look-up, Add and Lock (ALAL) command across a bus from a client. The command includes a first value. The TM pulls a second value. The TM uses the first value to read a set of memory locations, and determines if any of the locations contains the second value. If no location contains the second value, then the TM locks a vacant location, adds the second value to the vacant location, and sends a result to the client. If a location contains the second value and it is not locked, then the TM locks the location and returns a result to the client. If a location contains the second value and it is locked, then the TM returns a result to the client. Each location has an associated data structure. Setting the lock field of a location locks access to its associated data structure. | 03-13-2014 |
20140068174 | TRANSACTIONAL MEMORY THAT PERFORMS A CAMR 32-BIT LOOKUP OPERATION - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a base address, a starting bit position, and a mask size. In response to the command, the TM pulls an input value (IV). A selecting circuit within the TM uses the starting bit position and the mask size to select a first portion of the IV. The first portion of the IV and the base address value are summed to generate a memory address. The memory address is used to read a word containing multiple result values and multiple reference values from memory. A second portion of the IV is compared with each reference value using a comparator circuit. A result value associated with the matching reference value is selected using a multiplexing circuit and a select value generated by the comparator circuit. The TM sends the selected result value to the processor. | 03-06-2014 |
20140068109 | TRANSACTIONAL MEMORY THAT PERFORMS AN ATOMIC METERING COMMAND - A transactional memory (TM) receives an Atomic Metering Command (AMC) across a bus from a processor. The command includes a memory address and a meter pair indicator value. In response to the AMC, the TM pulls an input value (IV). The TM uses the memory address to read a word including multiple credit values from a memory unit. Circuitry within the TM selects a pair of credit values, subtracts the IV from each of the pair of credit values thereby generating a pair of decremented credit values, compares the pair of decremented credit values with a threshold value, respectively, thereby generating a pair of indicator values, performs a lookup based upon the pair of indicator values and the meter pair indicator value, and outputs a selector value and a result value that represents a meter color. The selector value determines the credit values written back to the memory unit. | 03-06-2014 |
20140025920 | Transactional Memory that Performs a Direct 24-BIT Lookup Operation - A transactional memory (TM) receives a lookup command across a bus from a processor. Only final result values are stored in memory. The command includes a base address, a starting bit position, and mask size. In response to the lookup command, the TM pulls an input value (IV). A selecting circuit within the TM uses the starting bit position and mask size to select a portion of the IV. The portion of the IV and the base address are used to generate a memory address. The memory address is used to read a word containing multiple result values (RVs) from memory. One RV from the word is selected using a multiplexing circuit and a result location value (RLV) generated from the portion of the IV. A word selector circuit and arithmetic circuits are used to generate the memory address and RLV. The TM sends the selected RV to the processor. | 01-23-2014 |
20140025919 | Recursive Use of Multiple Hardware Lookup Structures in a Transactional Memory - A lookup engine of a transactional memory (TM) has multiple hardware lookup structures, each usable to perform a different type of lookup. In response to a lookup command, the lookup engine reads a first block of first information from a memory unit. The first information configures the lookup engine to perform a first type of lookup, thereby identifying a first result value. If the first result value is not a final result value, then the lookup engine uses address information in the first result value to read a second block of second information. The second information configures the lookup engine to perform a second type of lookup, thereby identifying a second result value. This process repeats until a final result value is obtained. The type of lookup performed is determined by the result value of the preceding lookup and/or type information of the block of information for the next lookup. | 01-23-2014 |
20140025918 | Transactional Memory that Performs a Direct 32-bit Lookup Operation - A transactional memory (TM) receives a lookup command across a bus from a processor. The command includes a base address, a starting bit position, and a mask size. In response to the lookup command, the TM pulls an input value (IV). The TM uses the starting bit position and the mask size to select a portion of the IV. A first sub-portion of the portion of the IV and the base address are summed to generate a memory address. The memory address is used to read a word containing multiple result values (RVs) from memory. One RV from the word is selected using a multiplexing circuit and a second sub-portion of the portion of the IV. If the selected RV is a final value, then lookup operation is complete and the TM sends the RV to the processor, otherwise the TM performs another lookup operation based upon the selected RV. | 01-23-2014 |
20140025884 | Transactional Memory that Performs a Statistics Add-and-Update Operation - A transactional memory (TM) of an island-based network flow processor (IB-NFP) integrated circuit receives a Stats Add-and-Update (AU) command across a command mesh of a Command/Push/Pull (CPP) data bus from a processor. A memory unit of the TM stores a plurality of first values in a corresponding set of memory locations. A hardware engine of the TM receives the AU, performs a pull across other meshes of the CPP bus thereby obtaining a set of addresses, uses the pulled addresses to read the first values out of the memory unit, adds the same second value to each of the first values thereby generating a corresponding set of updated first values, and causes the set of updated first values to be written back into the plurality of memory locations. Even though multiple count values are updated, there is only one bus transaction value sent across the CPP bus command mesh. | 01-23-2014 |
20140025858 | Recursive Lookup with a Hardware Trie Structure that has no Sequential Logic Elements - A hardware trie structure includes a tree of internal node circuits and leaf node circuits. Each internal node is configured by a corresponding multi-bit node control value (NCV). Each leaf node can output a corresponding result value (RV). An input value (IV) supplied onto input leads of the trie causes signals to propagate through the trie such that one of the leaf nodes outputs one of the RVs onto output leads of the trie. In a transactional memory, a memory stores a set of NCVs and RVs. In response to a lookup command, the NCVs and RVs are read out of memory and are used to configure the trie. The IV of the lookup is supplied to the input leads, and the trie looks up an RV. A non-final RV initiates another lookup in a recursive fashion, whereas a final RV is returned as the result of the lookup command. | 01-23-2014 |
20130219103 | Configurable Mesh Data Bus In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes rectangular islands disposed in rows. A configurable mesh data bus includes a command mesh, a pull-id mesh, and two data meshes. The configurable mesh data bus extends through all the islands. For each mesh, each island includes a centrally located crossbar switch and eight half links. Two half links extend to ports on the top edge of the island, a half link extends to a port on a right edge of the island, two half links extend to ports on the bottom edge of the island, and a half link extents to a port on the left edge of the island. Two additional links extend to functional circuitry of the island. The configurable mesh data bus is configurable to form a command/push/pull data bus over which multiple transactions can occur simultaneously on different parts of the integrated circuit. | 08-22-2013 |
20130219102 | Local Event Ring In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes islands organized in rows. A configurable mesh event bus extends through the islands and is configured to form a local event ring. The configurable mesh event bus is configured with configuration information received via a configurable mesh control bus. The local event ring provides a communication path along which an event packet is communicated to each rectangular island along the local event ring. The local event ring involves event ring circuits and event ring segments. Upon each transition of a clock signal, an event packet moves through the ring from event ring segment to event ring segment. Event information and not packet data travels through the ring. The local event ring functions as a source-release ring in that only the event ring circuit that inserted the event packet onto the ring can delete the event packet from the ring. | 08-22-2013 |
20130219100 | Staggered Island Structure In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes rectangular islands disposed in rows. In one example, the configurable mesh data bus is configurable to form a command/push/pull data bus over which multiple transactions can occur simultaneously on different parts of the integrated circuit. The rectangular islands of one row are oriented in staggered relation with respect to the rectangular islands of the next row. The left and right edges of islands in a row align with left and right edges of islands two rows down in the row structure. The data bus involves multiple meshes. In each mesh, the island has a centrally located crossbar switch and six radiating half links, and half links down to functional circuitry of the island. The staggered orientation of the islands, and the structure of the half links, allows half links of adjacent islands to align with one another. | 08-22-2013 |
20130219094 | Commonality of Memory Island Interface and Structure - The functional circuitry of a network flow processor is partitioned into a number of rectangular islands. The islands are disposed in rows. A configurable mesh data bus extends through the islands. A first island includes a first memory and a first data bus interface. A second island includes a processor, a second memory, and a second data bus interface. The processor can issue a command for a target memory to do an action. If a field in the command has a first value then the target memory is the first memory, whereas if the field has a second value then the target memory is in the second memory. The command format is the same, regardless of whether the target memory is local or remote. If the target memory is remote, then a data bus bridge adds destination information before putting the command onto the global configurable mesh data bus. | 08-22-2013 |
20130219092 | Global Event Chain In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes islands organized in rows. A configurable mesh event bus extends through the islands and is configured to form one or more local event rings and a global event chain. The configurable mesh event bus is configured with configuration information received via a configurable mesh control bus. Each local event ring involves event ring circuits and event ring segments. In one example, an event packet being communicated along a local event ring reaches an event ring circuit. The event ring circuit examines the event packet and determines whether it meets a programmable criterion. If the event packet meets the criterion, then the event packet is inserted into the global event chain. The global event chain communicates the event packet to a global event manager that logs events and maintains statistics and other information. | 08-22-2013 |
20130219091 | Island-Based Network Flow Processor Integrated Circuit - A reconfigurable, scalable and flexible island-based network flow processor integrated circuit architecture includes a plurality of rectangular islands of identical shape and size. The islands are disposed in rows, and a configurable mesh command/push/pull data bus extends through all the islands. The integrated circuit includes first SerDes I/O blocks, an ingress MAC island that converts incoming symbols into packets, an ingress NBI island that analyzes packets and generates ingress packet descriptors, a microengine (ME) island that receives ingress packet descriptors and headers from the ingress NBI and analyzes the headers, a memory unit (MU) island that receives payloads from the ingress NBI and performs lookup operations and stores payloads, an egress NBI island that receives the header portions and the payload portions and egress descriptors and performs egress scheduling, and an egress MAC island that outputs packets to second SerDes I/O blocks. | 08-22-2013 |
20130215901 | Flow Control Using a Local Event Ring In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes islands organized in rows. A configurable mesh event bus extends through the islands and is configured to form a local event ring. The configurable mesh event bus is configured with configuration information received via a configurable mesh control bus. The local event ring involves event ring circuits and event ring segments. In one example, a packet is received onto a first island. If an amount of a processing resource (for example, memory buffer space) available to the first island is below a threshold, then an event packet is communicated from the first island to a second island via the local event ring. In response, the second island causes a third island to communicate via a command/push/pull data bus with the first island, thereby increasing the amount of the processing resource available to the first island for handing incoming packets. | 08-22-2013 |
20130215899 | Distributed Credit FIFO Link of a Configurable Mesh Data Bus - An island-based integrated circuit includes a configurable mesh data bus. The data bus includes four meshes. Each mesh includes, for each island, a crossbar switch and radiating half links. The half links of adjacent islands align to form links between crossbar switches. A link is implemented as two distributed credit FIFOs. In one direction, a link portion involves a FIFO associated with an output port of a first island, a first chain of registers, and a second FIFO associated with an input port of a second island. When a transaction value passes through the FIFO and through the crossbar switch of the second island, an arbiter in the crossbar switch returns a taken signal. The taken signal passes back through a second chain of registers to a credit count circuit in the first island. The credit count circuit maintains a credit count value for the distributed credit FIFO. | 08-22-2013 |
20130215893 | Processing Resource Management In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit has a high performance processor island. The processor island has a processor and a tightly coupled memory. The integrated circuit also has another memory. The other memory may be internal or external memory. The header of an incoming packet is stored in the tightly coupled memory of the processor island. The payload is stored in the other memory. In one example, if the amount of a processing resource is below a threshold then the header is moved from the first island to the other memory before the header and payload are communicated to an egress island for outputting from the integrated circuit. If, however, the amount of the processing resource is not below the threshold then the header is moved directly from the processor island to the egress island and is combined with the payload there for outputting from the integrated circuit. | 08-22-2013 |
20130215792 | Configurable Mesh Control Bus In An Island-Based Network Flow Processor - An island-based network flow processor (IB-NFP) integrated circuit includes islands organized in rows. A configurable mesh control bus extends through the islands. The configurable mesh control bus is configurable to have a unidirectional tree structure such that configuration information passes into the integrated circuit, through a root island, through the branches of the tree structure, and to each of the other islands. The functional circuits of the islands, as well as a configurable mesh data bus of the integrated circuit, are all configured with configuration information supplied via the tree structure. In one example, the configurable control mesh bus portion of each island includes a statically configured switch and multiple half links that radiate from the switch. The static configuration is determined by hardwired tie off connections associated with the island. | 08-22-2013 |
20120131330 | System and Method for Processing Secure Transmissions - Secured transmissions between a client and a server are detected, a policy formulated whether encrypted material needs to be decrypted, and if content is to be decrypted it is, using decrypting information obtained from the client and server. Resulting plain test is then deployed to an entity such as a processor, store or interface. The plain text can be checked or modified. The transmission between client and server could be blocked, delivered without being decrypted, decrypted and then re-encrypted with or without modification. Each transmission is given an ID and a policy tag. | 05-24-2012 |
20120093160 | System and Method for Processing and Forwarding Transmitted Information - A system and method for handling a digital electronic flow between a first and second entity in which a flow policy is determined that is to be applied to the flow and the flow is then directed along a path in accordance with the policy. An ID is supplied for each flow and a tag associated with each flow which indicates the policy to be applied to its associated flow. Flows are also associated with one another, with associated flows having associated policies. In particular the flow may be processed or forwarded. The path may include a graph structure and virtual applications. | 04-19-2012 |
20110093663 | ATOMIC COMPARE AND WRITE MEMORY - A microcontroller system may include a microcontroller having a processor and a first memory, a memory bus and a second memory in communication with the microcontroller via the memory bus. The first memory may include instructions for accessing a first data set from a contiguous memory block in the second memory. The first data set may include a first word having a first value and a plurality of first other words. The first memory may include instructions for receiving a write instruction including a second data set to be written to the contiguous memory block. The first memory may include instructions for determining whether the first value equals the second value. If so, the first memory may include instructions for writing the second data set to the contiguous memory block and updating the first value. | 04-21-2011 |
20090204723 | System and Method for Processing and Forwarding Transmitted Information - A system and method for handling a digital electronic flow between a first and second entity in which a flow policy is determined that is to be applied to the flow and the flow is then directed along a path in accordance with the policy. An ID is supplied for each flow and a tag associated with each flow which indicates the policy to be applied to its associated flow. Flows are also associated with one another, with associated flows having associated policies. In particular the flow may be processed or forwarded. The path may include a graph structure and virtual applications. | 08-13-2009 |
20090201978 | System and Method for Processing Secure Transmissions - A method and apparatus for improving channel estimation within an OFDM communication system. Channel estimation in OFDM is usually performed with the aid of pilot symbols. The pilot symbols are typically spaced in time and frequency. The set of frequencies and times at which pilot symbols are inserted is referred to as a pilot pattern. In some cases, the pilot pattern is a diagonal-shaped lattice, either regular or irregular. The method first interpolates in the direction of larger coherence (time or frequency). Using these measurements, the density of pilot symbols in the direction of faster change will be increased thereby improving channel estimation without increasing overhead. As such, the results of the first interpolating step can then be used to assist the interpolation in the dimension of smaller coherence (time or frequency). | 08-13-2009 |