Patent application number | Description | Published |
20080240142 | Method and system for inheritance of network interface card capabilities - A method for obtaining a capability from a network interface card (NIC), involving sending a query to the NIC for the capability, obtaining the capability from the NIC in response to the query, sending the capability to a virtual NIC, and sending the capability from the virtual NIC to a virtual network stack associated with the virtual NIC, wherein the capability is used by the virtual network stack to process packets. | 10-02-2008 |
20080240432 | Method and system for security protocol partitioning and virtualization - A method for implementing a security protocol, involving receiving a packet from a network connection, obtaining an identifier for one of a plurality of security association database (SADB) partitions associated with the packet, wherein each of the plurality of SADB partitions is associated with one of a plurality of packet destinations, applying a security association from the one of the plurality of SADB partitions to the packet, and sending the packet to the one of the plurality of packet destinations associated with the SADB partition, wherein the packet is processed at the one of the plurality of packet destinations. | 10-02-2008 |
20080256603 | Method and system for securing a commercial grid network - A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings. | 10-16-2008 |
20080267177 | Method and system for virtualization of packet encryption offload and onload - A method for processing a packet includes receiving the packet in a network interface card (NIC), obtaining a first classification for the packet, placing the packet in one of a first plurality of receive rings based on the first classification, obtaining a security association (SA) from one of a plurality of security association database (SADB) partitions, decrypting the packet using the SA, obtaining a security policy (SP) from one of a plurality of security policy database (SPD) partitions, determining an admittance of the packet based on the SP, obtaining a second classification for the packet based on the admittance, placing the packet in one of a second plurality of receive rings based on the second classification, and sending the packet to a host operatively connected to the NIC, wherein the packet is further processed by the host. | 10-30-2008 |
20080271134 | Method and system for combined security protocol and packet filter offload and onload - A network interface card (NIC) includes a security association database (SADB) comprising a plurality of security associations (SAs), a cryptographic offload engine configured to decrypt a packet using one of the plurality of SAs, a security policy database (SPD) comprising a plurality of security policies (SPs) and a plurality of filter policies, and a policy engine configured to determine an admittance of the packet using one of the plurality of SPs from the SPD and apply one of the plurality of filter policies to the packet. | 10-30-2008 |
20090006620 | Method and system for securing a commercial grid network over non-trusted routes - A method for securing a commercial grid network over non-trusted routes involves receiving, by an administrative node in the commercial grid network, a lease request from a client to lease one of multiple resource nodes in the commercial grid network, wherein the client is separated from the resource node by a non-trusted route. The method further involves transmitting, by the administrative node, a network security key associated with the client to the resource node, storing, by the resource node, the network security key in a network security key repository specific to the resource node, establishing, by the resource node, a secure network tunnel over the non-trusted route using the network security key, transmitting a network packet securely between the client and the resource node over the secure network tunnel, and destroying, by the resource node, the secure network tunnel when a lease term associated with the client and the resource node expires. | 01-01-2009 |
20090012963 | METHOD AND APPARATUS FOR PROVIDING HETEROGENEOUS RESOURCES FOR CLIENT SYSTEMS - One embodiment of the present invention provides a system that provides heterogeneous resources for client systems. During operation, the system maintains a stateful resource database that tracks heterogeneous resources in a given environment. The system receives requests from client systems, and in response to the requests searches for a heterogeneous resource in the stateful resource database that matches the request. If the system finds an available heterogeneous resource that matches the request, it proceeds to submit the request to the resource. Maintaining and using the stateful resource database facilitates efficiently sharing scarce heterogeneous resources across a number of client systems. | 01-08-2009 |
20090089351 | METHOD AND SYSTEM FOR ONLOADING NETWORK SERVICES - In general, the invention relates to a method for processing packets. The method includes receiving a first packet by a network interface card (NIC) connected to a host, classifying the first packet using a classifier, sending the first packet to a receive ring based on a classification of the first packet by the classifier, and sending the first packet from the receive ring to a first virtual network interface card (VNIC) located on the host. The method further includes determining, using a first policy associated with the first VNIC, whether to process the first packet using offload hardware. When the first packet is to be processed using the offload hardware, the method includes sending the first packet to the offload hardware, receiving a first processed packet from the offload hardware by the first VNIC and sending the first processed packet from the first VNIC to a first packet destination. | 04-02-2009 |
20090268611 | METHOD AND SYSTEM FOR BANDWIDTH CONTROL ON A NETWORK INTERFACE CARD - A method for bandwidth control on a network interface card (NIC) that includes initiating a current time period, receiving a plurality of incoming packets for a receive ring, populating, by a NIC, the receive ring with the plurality of incoming packets according to a size of the receive ring during the current time period, wherein the size of the receive ring is based on an allocated bandwidth for the receive ring, and sending, by the NIC, the plurality of incoming packets to a host when a duration of the current time period elapses, wherein the duration is based on the allocated bandwidth for the receive ring. | 10-29-2009 |
20090323690 | METHOD AND SYSTEM FOR CLASSIFYING PACKETS IN A NETWORK INTERFACE CARD AND INTERFACE FOR PERFORMING THE SAME - A method for processing packets. The method includes receiving a first packet by a network interface card (NIC) from a network, determining, using a first classification level, a first receive ring group (RRG) for the first packet, determining, using a second level classification, a first receive ring (RR) in the first RRG for the first packet, sending the first packet to the first RR, and sending the first packet from the first RR to a host operatively connected to the network interface card, wherein the first packet is received by a first virtual network interface card (VNIC) associated with the first RRG, where the first RRG is located in the NIC. | 12-31-2009 |
20090323691 | METHOD AND APPARATUS TO PROVIDE VIRTUAL TOE INTERFACE WITH FAIL-OVER - A method for processing packets. The method includes receiving a first packet by a first socket on a host, determining by the first socket to process the first packet using a first virtual Transmission Control Protocol offload engine (VTOE), transmitting the first packet to the first VTOE, wherein transmitting the first packet to the first VTOE bypasses a first virtual network stack interposed between the first socket and first VTOE, transmitting the first packet to a HW TOE operatively connected to the host, processing the first packet, using the HW TOE, to obtain a first processed packet; and transmitting the first processed packet to a network operatively connected to the HW TOE, where the HW TOE is associated with the first VTOE and a second VTOE in the host. | 12-31-2009 |
20100242045 | METHOD AND SYSTEM FOR ALLOCATING A DISTRIBUTED RESOURCE - A method for migrating a virtual machine executing on a host. The method involves monitoring, by a monitoring agent connected to a device driver, hosts in a network, wherein the device driver is connected to a network interface card, determining a virtual machine to be migrated based on a virtual machine policy, sending, by the host, a request to migrate to at least one of a plurality of target hosts in the network, receiving an acceptance to the request to migrate from at least one of the plurality of target hosts, determining, by the monitoring agent, a chosen target host to receive the virtual machine based on a migration policy, wherein the chosen target host is one of the at least one target hosts that sent the acceptance, sending a confirmation and historical information to the chosen target host, and migrating the virtual machine to the chosen target host. | 09-23-2010 |
20100303075 | MANAGING TRAFFIC ON VIRTUALIZED LANES BETWEEN A NETWORK SWITCH AND A VIRTUAL MACHINE - A computer readable medium comprising software instructions for managing resources on a host, wherein the software instructions comprise functionality to: configure a classifier located on a NIC, to forward packets addressed to a first destination address to a first HRR mapped to a first VNIC, wherein packets addressed to the first destination address are associated with a first PFC lane; configure the classifier to forward packets addressed to a second destination address to a second HRR, wherein packets addressed to the second destination address are associated with a second PFC lane; and transmit, by the first VNIC, a pause frame associated with the first PFC lane to a switch operatively connected to the physical NIC, wherein the switch, in response to receiving the pause frame, stores packets associated with the first PFC lane in a buffer without transmitting the packets. | 12-02-2010 |
20110090910 | ENHANCED VIRTUAL SWITCH - A system and method for providing network connectivity to a host, involving creating a virtual switch on the host, specifying at least one data link attribute of the virtual switch, creating a plurality of virtual network interface cards (VNICs) on the host, associating each of the plurality of VNICs with the virtual switch, and assigning the at least one data link attribute of the virtual switch to each of the plurality of VNICs, where the virtual switch is connected to a physical network interface card (NIC) associated with the host, where each of the plurality of VNICs is associated with a different one of a plurality of execution environments, where the plurality of execution environments is located on the host, and where the plurality of VNICs is located on the host. | 04-21-2011 |
20110093251 | VIRTUALIZING COMPLEX NETWORK TOPOLOGIES - In general, the invention relates to creating a network model on a host. The invention includes: gathering first component properties associated with a first physical network device on a target network; creating a first container using first component properties; determining that a second physical network device is operatively connected to the first physical network device via a physical network link; gathering second component properties associated with the physical network link; creating a first VNIC associated with the first container; determining that at least one virtual network device is executing on the second physical network device; gathering third component properties associated with the at least one virtual network device; creating a second container, wherein the second container is configured using the third component properties; and creating a second VNIC associated with the second container. | 04-21-2011 |
20120026885 | NOTIFYING NETWORK APPLICATIONS OF RECEIVE OVERFLOW CONDITIONS - A method for notifying a packet destination that includes receiving a packet by a network interface card (NIC), where the packet destination is a destination of the packet, classifying the packet, forwarding the packet to one of a plurality of receive rings on the NIC, determining whether the one of the plurality of receive rings comprises space to store the packet, dropping the packet if the receive ring does not comprise the space to store the packet, and sending a notification message to the packet destination, where the notification message indicates that the packet was dropped by the receive ring. | 02-02-2012 |