Patent application number | Description | Published |
20100040063 | GENERALIZED SERIALIZATION QUEUE FRAMEWORK FOR PROTOCOL PROCESSING - A method for processing packets. The method includes receiving a first packet, wherein the first packet is associated with a first protocol, classifying the first packet using a protocol associated with the first packet, sending the first packet to a first receive ring based on the classification, sending the first packet from the first receive ring to a first virtual network interface card (VNIC) based on an operating mode, sending the first packet from the first VNIC to a first protocol specific virtual network stack (VNS), wherein the first protocol specific VNS is configured to only process packets associated with the first protocol, and processing the first packet by the first protocol specific VNS to obtain a first processed packet. | 02-18-2010 |
20100122346 | METHOD AND APPARATUS FOR LIMITING DENIAL OF SERVICE ATTACK BY LIMITING TRAFFIC FOR HOSTS - A method for controlling a denial of service attack involves receiving a plurality of packets from a network, identifying an attacking host based on a severity level of the denial of service attack from the network, wherein the attacking host is identified by an identifying attack characteristic associated with one of the plurality of packets associated with the attacking host, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packet is forwarded, forwarding each of the plurality of packets associated with the identifying attack characteristic to one of the plurality of temporary data structures matching the severity level of the denial of service attack as determined by the classifier, requesting a number of packets from the one of the plurality of temporary data structures matching the severity level by the virtual serialization queue, and forwarding the number of packets to the virtual serialization queue. | 05-13-2010 |
20100329259 | UPPER LAYER BASED DYNAMIC HARDWARE TRANSMIT DESCRIPTOR RECLAIMING - In general, the invention relates to reclaiming transmit descriptors by configuring a media access control (MAC) to execute a first MAC layer thread to reclaim a first number of transmit descriptors (TDs) from a first hardware transmit ring (HTR) using a first reclaim algorithm, where the first reclaim algorithm is associated with a first transmission pattern and a first TDR status. The invention further includes receiving, by a virtual NIC (VNIC) executing within the MAC layer, a first number of packets, forwarding the first number of packets to a device driver on the host associated with the physical NIC, and forwarding the first number of packets from the device driver to the physical NIC using the first number of TDs, where the first plurality of TDs are reclaimed by the first MAC layer thread according to the first reclaim algorithm. | 12-30-2010 |
20100333189 | METHOD AND SYSTEM FOR ENFORCING SECURITY POLICIES ON NETWORK TRAFFIC - A computer readable medium that includes computer readable program code embodied therein. The computer readable medium causes the computer system to receive, by a data link rule enforcer, a packet from a packet source of the packets, and obtain a data link rule applying to a data link. The data link is operatively connected to the packet source, and the data link is associated with a media access control (MAC) address. The computer readable medium further causes the computer system to determine, by the data link rule enforcer, whether the packet complies with the data link rule, and drop, by the data link rule enforcer, the packet when the packet fails to comply with the data link rule. | 12-30-2010 |
20110019553 | METHOD AND SYSTEM FOR LOAD BALANCING USING QUEUED PACKET INFORMATION - A computer readable medium including instructions executable by a processor to perform a method, the method including obtaining a packet by a load balancer, obtaining queued packet information for a plurality of target hosts operatively connected to the load balancer, selecting the one of the plurality of target hosts using the queued packet information, and sending the packet to the selected target host using a first communication channel between the load balancer and the selected target host. | 01-27-2011 |
20110090910 | ENHANCED VIRTUAL SWITCH - A system and method for providing network connectivity to a host, involving creating a virtual switch on the host, specifying at least one data link attribute of the virtual switch, creating a plurality of virtual network interface cards (VNICs) on the host, associating each of the plurality of VNICs with the virtual switch, and assigning the at least one data link attribute of the virtual switch to each of the plurality of VNICs, where the virtual switch is connected to a physical network interface card (NIC) associated with the host, where each of the plurality of VNICs is associated with a different one of a plurality of execution environments, where the plurality of execution environments is located on the host, and where the plurality of VNICs is located on the host. | 04-21-2011 |
20110090915 | METHOD AND SYSTEM FOR INTRA-HOST COMMUNICATION - A system including first and second virtualized execution environments and a hypervisor for sending packets between virtualized execution environments. The first virtualized execution environment includes a first VNIC associated with a first hardware address (HA), a first proxy VNIC associated with a second HA, and a virtual switch. A Vswitch table for the virtual switch includes entries associating the first HA with the first VNIC and the second HA with the first proxy VNIC. The second virtualized execution environment includes a second proxy VNIC associated with the first HA. The virtual switch receives a first packet associated with the second HA. The virtual switch sends the first packet to the first proxy VNIC when Vswitch table entry associates the second HA with the first proxy VNIC. The first VNIC proxy sends the first packet from the first virtualized execution environment to the second virtualized execution environment using the hypervisor. | 04-21-2011 |
20110093251 | VIRTUALIZING COMPLEX NETWORK TOPOLOGIES - In general, the invention relates to a creating a network model on a host. The invention includes: gathering first component properties associated with a first physical network device on a target network; creating a first container using first component properties; determining that a second physical network device is operatively connected to the first physical network device via a physical network link; gathering second component properties associated with the physical network link; creating a first VNIC associated with the first container; determining that at least one virtual network device is executing on the second physical network device; gathering third component properties associated with the at least one virtual network device; creating a second container, wherein the second container is configured using the third component properties; and creating a second VNIC associated with the second container. | 04-21-2011 |
20110185195 | ENERGY EFFICIENT MANAGEMENT OF DATALINKS - A system including a first physical network interface card (NIC) include a number of rings, where at least one of the rings is an active ring. The system further includes a host, operatively connected to the first NIC, and including Media Access Control (MAC) layer. The MAC layer is configured to obtain a power management policy, obtain a load associated with the active ring, determine, using the power management policy and the load, that the state associated with at least one of the rings must be changed, and change, in response to the determining, the state of at least one of the of rings. | 07-28-2011 |
20110208873 | ARCHITECTURE-AWARE ALLOCATION OF NETWORK BUFFERS - A computer readable medium comprising software instructions for: obtaining an allocation policy by a MAC layer executing on a host; receiving, a request for a transmit kernel buffer (TxKB) by a sending application executing on at least one processor of the host; obtaining a location of a plurality of available TxKBs on the host; obtaining a location of at least one available network interface on the host; obtaining a location of the sending application; allocating one of the plurality of available TxKBs to obtain an allocated TxKB, wherein the one of the plurality of available TxKBs is selected according to the allocation policy using the location of the plurality of available TxKB, the location of the at least one available network interface, and the location of the sending application, to obtain an allocated TxKB; and providing, to the sending application, the location of the allocated TxKB. | 08-25-2011 |
20120002535 | METHOD AND SYSTEM FOR DISTRIBUTING NETWORK TRAFFIC AMONG MULTIPLE DIRECT HARDWARE ACCESS DATAPATHS - A system for distributing network traffic among direct hardware access datapaths, comprising: a processor; one or more activated PNICs; a host operating system; and a virtual machine (VM). Each activated PNIC sends and receives data packets over a network. Each activated PNIC is configured with a virtual function. The VM includes a VNIC and a virtual link aggregator configured to maintain a list identifying each activated PNIC. Virtual function mappings for the VM associate the VM with virtual functions for the activated PNICs. The virtual link aggregator selects the first activated PNIC for servicing a network connection and determines a virtual function for the first activated PNIC. The VNIC for the first activated PNIC uses the virtual function to directly transfer network traffic for the network connection between the VM and the first activated PNIC. | 01-05-2012 |
20120005521 | METHOD AND SYSTEM FOR MAINTAINING DIRECT HARDWARE ACCESS IN THE EVENT OF NETWORK INTERFACE CARD FAILURE - A system for maintaining direct hardware access in the event of PNIC failure. A host for the system includes: a processor; a first and a second PNIC, where the first PNIC is activated and all other PNICs are deactivated; a host operating system; a virtual machine; and a hypervisor for transferring packets between the host operating system and the virtual machine. The host operating system includes a link aggregator, multiple host VNICs, and a virtual switch associated with the VNICs. The first virtual machine includes a virtual network protocol stack and a guest VNIC. The link aggregator is configured to determine whether the first PNIC has failed. Based on a determination that the first PNIC has failed, the link aggregator is further configured to: remove a virtual function mapping between the first PNIC and the virtual machine; determine the second PNIC; deactivate the first PNIC; and activate the second PNIC. | 01-05-2012 |