Patent application number | Description | Published |
20100040066 | NETWORK ADDRESS LOOKUP BASED ON BLOOM FILTERS - In one embodiment, IP lookup into a routing table having prefixes of different prefix lengths is performed using a Bloom filter that was programmed with the prefixes corresponding to all of the different prefix lengths without having to expand any of the prefixes programmed into the Bloom filter. Membership probes are performed into the Bloom filter using candidate prefix values of a given network address. The Bloom filter can be implemented in a distributed manner using Bloom sub-filters, where each Bloom sub-filter is hashed based on a set of hash functions, where each different hash function in the set corresponds to a different prefix length in the routing table. Each Bloom sub-filter can in turn be implemented using a plurality of practically realizable multi-port memory devices controlled by a port scheduler. False-positive matches can be detected and next-hop information for true-positive matches retrieved using an off-chip, hash-based prefix table. | 02-18-2010 |
20100040067 | HASH FUNCTIONS FOR APPLICATIONS SUCH AS NETWORK ADDRESS LOOKUP - In one embodiment, IP lookup into a routing table having prefixes of different prefix lengths is performed by hashing a candidate prefix value to generate a plurality of hash values, where m seed hash values are generated by applying m seed hash functions and one or more additional hash values are generated by combining two or more of the seed hash values in different ways, e.g., using a bit-wise XOR function. The hash values are used to perform membership probes into a Bloom filter programmed with the prefixes corresponding to all of the different prefix lengths in the routing table without having to expand any of the prefixes programmed into the Bloom filter. | 02-18-2010 |
20100266215 | VARIABLE-STRIDE STREAM SEGMENTATION AND MULTI-PATTERN MATCHING - A variable-stride multi-pattern matching apparatus segments patterns and input streams into variable-size blocks according to a modified winnowing algorithm. The variable-stride pattern segments are used to determine the block-symbol alphabet for a variable-stride discrete finite automaton (VS-DFA) that is used for detecting the patterns in the input streams. Applications include network-intrusion detection and protection systems, genome matching, and forensics. The modification of the winnowing algorithm includes using special hash values to determine the position of delimiters of the patterns and input streams. The delimiters mark the beginnings and ends of the segments. In various embodiments, the patterns are segmented into head, core, and tail blocks. The approach provides for memory, memory-bandwidth, and processor-cycle efficient, deterministic, high-speed, line-rate pattern matching. | 10-21-2010 |
20100269024 | METHOD AND APPARATUS FOR MULTISET MEMBERSHIP TESTING USING COMBINATORIAL BLOOM FILTERS - A method and apparatus providing improved set membership determination and group membership identification of candidate data elements using a single Bloom filter programmed to provide a plurality of non-zero f-bit binary vectors, where each of the f-bit binary vectors is associated with a respective group. The Bloom filter is programmed using one or more (but not all) of a plurality of hash filter sets. | 10-21-2010 |
20100316051 | PACKET PROCESSING USING BRAIDED TRIES - Packets are processed (e.g., routed or classified) in accordance with a braided trie, which represents the combination of two or more different original tries (e.g., representing different forwarding/classification tables). The different tries are combined by twisting the mappings for specific trie nodes to make the shapes of the different tries more similar. Each node in the braided trie contains a braiding bit for at least one original trie indicating the mapping for that trie's node. Trie braiding can significantly reduce the number of nodes used to represent the different original tries, thereby reducing memory usage and improving scalability. Braided tries can be used for such applications as virtual routers and packet classification in which different forwarding/classification tables are represented by a single braided trie stored in shared memory. | 12-16-2010 |
20100322255 | PROVIDING CLOUD-BASED SERVICES USING DYNAMIC NETWORK VIRTUALIZATION - The invention is directed to providing cloud-based services using dynamic network virtualization. Embodiments of the invention provide a cloud-based service over a system that has a dynamic network virtualization architecture. The architecture includes a set of distributed forwarding elements with centralized control, and at least one virtual machine that is bound to one of the forwarding elements. These features enable the virtual machine to be migrated across a wide area network while maintaining its original IP address and service continuity. | 12-23-2010 |
20110090911 | METHOD AND APPARATUS FOR TRANSPARENT CLOUD COMPUTING WITH A VIRTUALIZED NETWORK INFRASTRUCTURE - A capability is provided for providing transparent cloud computing with a virtualized network infrastructure. A method for enabling use of a resource of a data center as an extension of a customer network includes receiving, at a forwarding element (FE), a packet intended for a virtual machine hosted at an edge domain of the data center, determining a VLAN ID of the VLAN for the customer network in the edge domain, updating the packet to include the VLAN ID of the VLAN for the customer network in the edge domain, and propagating the updated packet from the FE toward virtual machine. The edge domain supports a plurality of VLANs for a respective plurality of customer networks. The packet includes an identifier of the customer network and a MAC address of the virtual machine. The VLAN ID of the VLAN for the customer network in the edge domain is determined using the identifier of the customer network and the MAC address of the virtual machine. The FE may be associated with the edge domain at which the virtual machine is hosted, an edge domain of the data center that is different than the edge domain at which the virtual machine is hosted, or the customer network. Depending on the location of the FE at which the packet is received, additional processing may be provided as needed. | 04-21-2011 |
20110137930 | METHOD AND APPARATUS FOR GENERATING A SHAPE GRAPH FROM A BINARY TRIE - A capability is provided for representing a set of data values using data structures, including converting a binary trie data structure representing the set of data values to a shape graph data structure representing the set of data values. The shape graph data structure is generated from the binary trie data structure based on the shapes of the sub-trees rooted at the nodes of the binary trie data structure. The shape graph includes vertices representing shapes of the sub-trees of the binary trie data structure. A shape graph data structure permits operations similar to the operations that may be performed on the binary trie data structure for performing lookups for data values from the set of data values, while at the same time reducing the structural redundancy of the binary trie data structure such that the shape graph data structure provides significant improvements in memory usage over the binary trie data structure. | 06-09-2011 |
20120136846 | METHODS OF HASHING FOR NETWORKS AND SYSTEMS THEREOF - Example embodiments are directed to methods of hashing for networks and systems thereof. At least one example embodiment provides a method of processing elements in a system. The method includes receiving a first element, generating a first plurality of hash values based on the first element and a first plurality of hash functions, determining a first plurality of buckets in a table based on the first plurality of hash values, each of the first plurality of buckets associated with a different one of the hash values, selecting one of the first plurality of buckets, storing a first associated value in the selected bucket, the first associated value being associated with the first element, and encoding an identifier (ID) of the hash function generating the hash value associated with the selected bucket into a filter based on the hash value. | 05-31-2012 |
20130011136 | Apparatus And Method For Protection In A Data Center - A manner of providing redundancy protection for a data center network that is both reliable and low-cost. In a data center network where the data traffic between numerous access nodes and a network core layer via primary aggregation nodes, an optical network device such as and OLT (optical line terminal) is provided as a backup aggregation node for one or more of the primary aggregation nodes. When a communication path through a primary aggregation node fails, traffic is routed through the optical network device. In a preferred embodiment, a communication link is formed from a plurality of access nodes to a single port of the OLT or other optical network device via an optical splitter that combines upstream transmissions and distributes downstream transmissions. The upstream transmissions from the plurality of access nodes may occur according to an allocation schedule generated when the backup aggregation node is needed. | 01-10-2013 |
20130166943 | Method And Apparatus For Energy Efficient Distributed And Elastic Load Balancing - Various embodiments provide a method and apparatus of providing a load balancing configuration that adapts to the overall load and scales the power consumption with the load to improve energy efficiency and scalability. The energy efficient distributed and elastic load balancing architecture includes a collection of multi-tiered servers organized as a tree structure. The handling of incoming service requests is distributed amongst a number of the servers. Each server in the virtual load distribution tree accepts handles incoming service requests based on its own load. Once a predetermined loading on the receiving server has been reached, the receiving server passes the incoming requests to one or more of its children servers. | 06-27-2013 |