FACILITATING INSERTION OF DEVICE MAC ADDRESSES INTO A FORWARDING DATABASE

Techniques are disclosed for hash-based routing table management in a distributed network switch having multiple switch modules. Upon determining that an attempt to insert a first routing entry into a first hash table of the routing table has failed, a second routing entry, which exists in the first hash table, is attempted to be moved to a second hash table of the routing table. If the move attempt is successful, then the first routing entry is added to the location previously occupied by the second routing entry. If the move attempt is unsuccessful, then a third routing entry, which exists in the first hash table, is attempted to be moved. 18.-. (canceled)9. A computer program product for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the computer program product comprising: computer-readable program code configured to receive, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and comprises a plurality of sets of buckets including a first set of buckets and a second set of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein each hash function is distinct, wherein each bucket is configured to store a plurality of routing entries; and', move a second routing entry from the first bucket to the second set of buckets; and', 'insert the first routing entry into a first location in the first bucket previously occupied by the second routing entry., 'computer-readable program code configured to, upon determining that an attempt to insert a first routing entry for the source address into a first bucket of the first set of buckets in the routing ...

MANAGEMENT OF ROUTING TABLES SHARED BY LOGICAL SWITCH PARTITIONS IN A DISTRIBUTED NETWORK SWITCH

Techniques are provided for managing a routing table in a distributed network switch. The distributed network switch is divided into logical switch partitions, or logical networks, that may share a routing table. The shared routing table is configured with counters and thresholds to control utilization of the routing table on a per-logical network basis. When counters exceed certain threshold, the routing table is modified to reduce routing entries within the routing table or pause insertion of new routing entries. 1. A computer program product for routing table management in a distributed network switch having a plurality of switch modules including a first switch module , the computer program product comprising: computer-readable program code, executable by the first switch module, configured to receive a first frame having a source address and a destination address, wherein each switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in each switch module is shared among the plurality of bridge elements in the respective switch module, wherein the plurality of switch modules are logically partitioned into a plurality of logical networks, wherein the first frame is associated with a first logical network of the plurality of logical networks;', 'computer-readable program code configured to, upon determining that the routing table of the first switch module does not include a routing entry for the source address, modify the routing table in the first switch module to include a first routing entry having routing information determined for the source address and the first logical network;', 'computer-readable program code configured to update a count of routing entries in the routing table that are associated with the first logical network; and', 'computer-readable program code configured to, upon determining that the count of routing entries associated with the first logical network exceeds a first threshold value ...

Broadcast and Multicast Packet Management

A method, computer program product, and system for managing broadcast packets or multicast packets received by an Ethernet adapter comprising a plurality of logical ports are provided. The method, computer program product, and system provide for a first function operable to register a logical port of the Ethernet adapter as a recipient of any broadcast packet received by the Ethernet adapter satisfying a first predefined criterion and a second function operable to register the logical port of the Ethernet adapter as a recipient of any multicast packet received by the Ethernet adapter satisfying a second predefined criterion, wherein the Ethernet adapter is shared by a plurality of applications executing on a plurality of virtual systems, the first function and the second function being invocable by an application assigned to the logical port.

PRIORITY RESOLUTION FOR ACCESS CONTROL LIST POLICIES IN A NETWORKING DEVICE

Access control lists (ACLs) permit network administrators to manage network traffic flowing through a networking element to optimize network security, performance, quality of service (QoS), and the like. If a networking element has multiple ACLs directed towards different types of network optimization, each ACL may return a separate action set that identifies one or more actions the networking element should perform based on a received frame. In some cases, these action sets may conflict. To resolve the conflicts, a networking element may include resolution logic that selects one of the conflicting actions based on a predefined precedence value assigned to each action in an action set. By comparing the different precedence values, the resolution logic generates a new action set based on the actions with the highest precedence value.

Atomically updating ternary content addressable memory-based access control lists

Embodiments described herein provide techniques for atomically updating a ternary content addressable memory (TCAM)-based access control list (ACL). According to one embodiment, a current version bit of the ACL is determined. The current version bit indicates that a rule in the ACL is active is the version flag in the rule matches the current version bit. Through these techniques, a first set of rules can be modified to create a second set of rules (e.g., by insertions, deletions, and replacements, etc.).

Multicore communication processing

Mechanisms for processing of communications between data processing devices are provided. With the mechanisms of the illustrative embodiments, a set of techniques that enables sustaining media speed by distributing transmit and receive-side processing over multiple processing cores is provided. In addition, these techniques also enable designing multi-threaded network interface controller (NIC) hardware that efficiently hides the latency of direct memory access (DMA) operations associated with data packet transfers over an input/output (I/O) bus. Multiple processing cores may operate concurrently using separate instances of a communication protocol stack and device drivers to process data packets for transmission with separate hardware implemented send queue managers in a network adapter processing these data packets for transmission. Multiple hardware receive packet processors in the network adapter may be used, along with a flow classification engine, to route received data packets to ...

Hashing-based routing table management

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions.

Merging Result from a Parser in a Network Processor with Result from an External Coprocessor

A mechanism is provided for merging in a network processor results from a parser and results from an external coprocessor providing processing support requested by said parser. The mechanism enqueues in a result queue both parser results needing to be merged with a coprocessor result and parser results which have no need to be merged with a coprocessor result. An additional queue is used to enqueue the addresses of the result queue where the parser results are stored. The result from the coprocessor is received in a simple response register. The coprocessor result is read by the result queue management logic from the response register and merged to the corresponding incomplete parser result read in the result queue at the address enqueued in the additional queue. 1. A method for managing in a network processor results from a parser analyzing an incoming data packet , the method comprising:enqueueing in a result queue a parser result coming from the parser, wherein the parser result indicates whether the parser result is complete or needs to be completed by a coprocessor result;enqueuing in an additional queue an entry containing an address of the entry in the result queue and the indication that the parser result is complete or needs to be completed;determining whether a first entry in the additional queue refers to a parser result to be completed; andresponsive to determining the first entry in the additional queue refers to a parser result to be completed, responsive to receiving a coprocessor result in a response register, merging the coprocessor result from the response register with a parser result read from the result queue using the address from the first entry in the additional queue to form a completed result, writing the completed result in the result queue, and exposing the completed result to a dequeue and sequential sending process for further processing by the network processor.2. (canceled)3. The method of further comprising:testing whether a cyclical ...

Merging Result from a Parser in a Network Processor with Result from an External Coprocessor

A mechanism is provided for merging in a network processor results from a parser and results from an external coprocessor providing processing support requested by said parser. The mechanism enqueues in a result queue both parser results needing to be merged with a coprocessor result and parser results which have no need to be merged with a coprocessor result. An additional queue is used to enqueue the addresses of the result queue where the parser results are stored. The result from the coprocessor is received in a simple response register. The coprocessor result is read by the result queue management logic from the response register and merged to the corresponding incomplete parser result read in the result queue at the address enqueued in the additional queue. 1. A method for managing in a network processor results from a parser analyzing an incoming data packet , method comprising:enqueueing in a result queue a parser result coming from the parser, wherein the parser result indicates whether the parser result is complete or needs to be completed by a coprocessor result;enqueuing in an additional queue an entry containing an address of the entry in the result queue and the indication that the parser result is complete or needs to be completed;determining whether a first entry in the additional queue refers to a parser result to be completed; andresponsive to determining the first entry in the additional queue refers to a parser result to be completed, responsive to receiving a coprocessor result in a response register, merging the coprocessor result from the response register with a parser result read from the result queue using the address from the first entry in the additional queue to form a completed result, writing the completed result in the result queue, and exposing the completed result to a dequeue and sequential sending process for further processing by the network processor.2. The method of claim 1 , further comprising:responsive to determining the ...

Broadcast and multicast packet management

A method, computer program product, and system for managing broadcast packets or multicast packets received by an Ethernet adapter comprising a plurality of logical ports are provided. The method, computer program product, and system provide for a first function operable to register a logical port of the Ethernet adapter as a recipient of any broadcast packet received by the Ethernet adapter satisfying a first predefined criterion and a second function operable to register the logical port of the Ethernet adapter as a recipient of any multicast packet received by the Ethernet adapter satisfying a second predefined criterion, wherein the Ethernet adapter is shared by a plurality of applications executing on a plurality of virtual systems, the first function and the second function being invocable by an application assigned to the logical port.

FLOW DISTRIBUTION ALGORITHM FOR AGGREGATED LINKS IN AN ETHERNET SWITCH

Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet. 1. A method for forwarding a data frame through a distributed network switch , the method comprising:generating a hash value based on routing information of a data frame;dividing the hash value into a plurality of chunks, wherein values of the plurality of chunks correspond to a plurality of links associated with a link aggregation group;determining a selected link having an up state from the plurality of links based on a hierarchical order of the plurality of chunks; andforwarding the data frame to the selected link.2. The method of claim 1 , wherein the dividing the hash value into a plurality of chunks further comprises modifying each of the plurality of chunks based on a number of the plurality of links.3. The method of claim 2 , wherein modifying a chunk further comprises reducing a most significant bit of the chunk based on the number of the plurality of links.4. The method of claim 1 , wherein the determining the selected link having an up state based on the hierarchical order of the plurality of chunks further comprises:responsive to determining a first chunk of the plurality of chunks is within range of a number of the plurality of links and the first chunk corresponds to a first link having an up state, selecting the first link.5. The method of claim 4 , further comprising:responsive to determining the first chunk of the plurality of chunks is not within range of a number of the plurality of links or the first chunk ...

Providing to a parser and processors in a network processor access to an external coprocessor

A mechanism is provided for sharing a communication used by a parser (parser path) in a network adapter of a network processor for sending requests for a process to be executed by an external coprocessor. The parser path is shared by processors of the network processor (software path) to send requests to the external processor. The mechanism uses for the software path a request mailbox comprising a control address and a data field accessed by MMIO for sending two types of messages, one message type to read or write resources and one message type to trigger an external process in the coprocessor and a response mailbox for receiving response from the external coprocessor comprising a data field and a flag field. The other processors of the network poll the flag until set and get the coprocessor result in the data field.

USING SPECIAL-CASE HARDWARE UNITS FOR FACILITATING ACCESS CONTROL LISTS ON A NETWORKING ELEMENT

Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied.

Ethernet adapter packet management

A method, computer program product, and system for managing packets received by an Ethernet adapter shared by a plurality of threads are provided. The method, computer program product, and system provide for a first function operable to add a connection to a connection table of the Ethernet adapter and associate the connection with a queue pair and a second function operable to remove the connection from the connection table of the Ethernet adapter, wherein the Ethernet adapter is operable to route any packet corresponding to the connection received by the Ethernet adapter to the queue pair associated with the connection responsive to the connection being in the connection table.

Method for caching lookups based upon TCP traffic flow characteristics

The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first "Frequent Flyer" packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

Facilitating insertion of device MAC addresses into a forwarding database

Techniques are disclosed for hash-based routing table management in a distributed network switch having multiple switch modules. Upon determining that an attempt to insert a first routing entry into a first hash table of the routing table has failed, a second routing entry, which exists in the first hash table, is attempted to be moved to a second hash table of the routing table. If the move attempt is successful, then the first routing entry is added to the location previously occupied by the second routing entry. If the move attempt is unsuccessful, then a third routing entry, which exists in the first hash table, is attempted to be moved.

Atomically updating ternary content addressable memory-based access control lists

Embodiments described herein provide techniques for atomically updating a ternary content addressable memory (TCAM)-based access control list (ACL). According to one embodiment, a current version bit of the ACL is determined. The current version bit indicates that a rule in the ACL is active is the version flag in the rule matches the current version bit. Through these techniques, a first set of rules can be modified to create a second set of rules (e.g., by insertions, deletions, and replacements, etc.).

Packet routing with analysis assist for embedded applications sharing a single network interface over multiple virtual networks

Techniques are provided for packet routing in a distributed network switch. The distributed network switch includes multiple switch modules operatively connected to one another, and each switch module includes multiple bridge elements and a management controller. In one embodiment, a shared interface routing (SIR) framework is provided that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer. A packet is received over a first logical network and via a physical port, the packet being destined for at least a first application executing on the management controller. The analysis assist layer analyzes the packet to determine a reason code to assign to the packet. The analysis and bifurcation layer then analyzes the packet based at least in part on the reason code.

Packet routing with analysis assist for embedded applications sharing a single network interface over multiple virtual networks

Techniques are provided for packet routing in a distributed network switch. The distributed network switch includes multiple switch modules operatively connected to one another, and each switch module includes multiple bridge elements and a management controller. In one embodiment, a shared interface routing (SIR) framework is provided that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer. A packet is received over a first logical network and via a physical port, the packet being destined for at least a first application executing on the management controller. The analysis assist layer analyzes the packet to determine a reason code to assign to the packet. The analysis and bifurcation layer then analyzes the packet based at least in part on the reason code.

SELECTION OF RECEIVE-QUEUE BASED ON PACKET ATTRIBUTES

According to embodiments of the invention, there is provided a method, a system, and a computer program product for operating a network processor. The network processor processing a received data packet by reading a flow identification in the data packet; determining a quality of service criteria (QoSC) for the data packet; mapping the flow identification and the QoSC into an index for selecting a receive-queue for routing the data packet; and utilizing the index to route the data packet to the receive-queue. 1. A method for routing a data packet to a receive queue in a network processor comprising:processing a received data packet by reading a flow identification in the data packet;determining a quality of service criteria (QoSC) for the data packet;mapping the flow identification and the QoSC into an index for selecting a receive-queue in a set of receive-queues adapted to store receive data packets for routing the data packet; andutilizing the index to route the data packet to the receive-queue.2. The method of further comprising:utilizing a hashing function against the flow identification to construct the index.3. The method of further comprising:utilizing a classification function accessing a ternary content addressable memory (TCAM) for the data packet.4. The method of further comprising:utilizing a QoSC function for identifying the QoSC.5. The method of further comprising:utilizing a parser for decoding the data packet; andsending a set of information to a set of other processing units for further processing.6. The method of claim 5 , wherein the set of information further comprising:including a logical port identification and a logical port configuration table.7. A system for routing a data packet to a receive queue in a network processor comprising:a processor;a receiving unit running on the processor configured for receiving a stream of data packets;a set of receiving-queues configured for storing received data packets;a selecting unit configured to ...

Ethernet Adapter Packet Management

A method, computer program product, and system for managing packets received by an Ethernet adapter shared by a plurality of threads are provided. The method, computer program product, and system provide for a first function operable to add a connection to a connection table of the Ethernet adapter and associate the connection with a queue pair and a second function operable to remove the connection from the connection table of the Ethernet adapter, wherein the Ethernet adapter is operable to route any packet corresponding to the connection received by the Ethernet adapter to the queue pair associated with the connection responsive to the connection being in the connection table.

FACILITATING INSERTION OF DEVICE MAC ADDRESSES INTO A FORWARDING DATABASE

Techniques are disclosed for hash-based routing table management in a distributed network switch having multiple switch modules. Upon determining that an attempt to insert a first routing entry into a first hash table of the routing table has failed, a second routing entry, which exists in the first hash table, is attempted to be moved to a second hash table of the routing table. If the move attempt is successful, then the first routing entry is added to the location previously occupied by the second routing entry. If the move attempt is unsuccessful, then a third routing entry, which exists in the first hash table, is attempted to be moved. 1. A computer-implemented method of hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the method comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and comprises a plurality of sets of buckets including a first set of buckets and a second set of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein each hash function is distinct, wherein each bucket is configured to store a plurality of routing entries; and moving a second routing entry from the first bucket to the second set of buckets; and', 'inserting the first routing entry into a first location in the first bucket previously occupied by the second routing entry., 'upon determining that an attempt to insert a first routing entry for the source address into a first bucket of the first set of buckets in the routing table is unsuccessful and by operation of one or more computer processors2. The computer-implemented method of claim 1 , ...

Using special-case hardware units for facilitating access control lists on a networking element

Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied.

Flow distribution algorithm for aggregated links in an ethernet switch

Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet.

Sliced routing table management with replication

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table.

Configurable ports for a host ethernet adapter

A system and method in accordance with the present invention allows for an adapter to be utilized in a server environment that can accommodate both a 10 G and a 1 G source utilizing the same pins. This is accomplished through the use of a high speed serializer/deserializer (high speed serdes) which can accommodate both data sources. The high speed serdes allows for the use of a relatively low reference clock speed on the NIC to provide the proper clocking of the data sources and also allows for different modes to be set to accommodate the different data sources. Finally the system allows for the adapter to use the same pins for multiple data sources.

PACKET ROUTING WITH ANALYSIS ASSIST FOR EMBEDDED APPLICATIONS SHARING A SINGLE NETWORK INTERFACE OVER MULTIPLE VIRTUAL NETWORKS

Techniques are provided for packet routing in a distributed network switch. The distributed network switch includes multiple switch modules operatively connected to one another, and each switch module includes multiple bridge elements and a management controller. In one embodiment, a shared interface routing (SIR) framework is provided that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer. A packet is received over a first logical network and via a physical port, the packet being destined for at least a first application executing on the management controller. The analysis assist layer analyzes the packet to determine a reason code to assign to the packet. The analysis and bifurcation layer then analyzes the packet based at least in part on the reason code. 1. A computer-implemented method for packet routing in a distributed network switch , the distributed network switch comprising a plurality of switch modules operatively connected to one another , each switch module including a plurality of bridge elements and a management controller , wherein the method comprises:providing, by the distributed network switch, a shared interface routing (SIR) framework that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer;receiving, by the first packet interface, a packet from a first logical network and via a physical port, destined for at least a first application executing on the management controller, wherein the physical port is configured to be shared between a plurality of applications executing on the management controller to send or receive traffic over a plurality of logical networks, wherein the plurality of logical networks includes the first logical network;analyzing, by the analysis assist layer of the SIR framework, the packet to determine a reason code to assign to the packet; andanalyzing, by the analysis and bifurcation layer of the SIR framework, the ...

SLICED ROUTING TABLE MANAGEMENT

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, where the routing table is divided into slices of buckets, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions and properties of the slices.

Using special-case hardware units for facilitating access control lists on a networking element

Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied.

Synchronizing routing tables in a distributed network switch

Techniques are provided for routing table synchronization for a distributed network switch. In one embodiment, a first frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a first switch module, routing information is determined for the source address and a routing entry is generated. An indication is sent to a second switch module, to request a routing entry for the source address to be generated in the second switch module, based on the routing information.

Smart dumping of network switch forwarding database

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries.

Method and system for supporting a dedicated label switched path for a virtual private network over a label switched communication network

A system and method for transmitting data from a first site to a second site over a shared Multi-Protocol Label Switched (MPLS) network comprising a plurality of routers, including an ingress router in communication with the first site and an egress router in communication with the second site, includes configuring a plurality of label switching paths between the ingress router and the egress router over a plurality of label switching devices. The method further includes performing a first lookup on one of at least one virtual routing and forwarding (VRF) table stored in the ingress router, whereby the first lookup identifies one routing table from a plurality of routing tables stored in the ingress router, each routing table being associated with one of the plurality of label switched paths, and performing a second lookup on the one routing table, wherein the routing table defines the associated label switched path between the ingress router and the egress router for a virtual private ...

Sliced routing table management with replication

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table.

Smart dumping of network switch forwarding database

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries.

CACHED ROUTING TABLE MANAGEMENT

Techniques are provided for cached routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry, based on a set of hash functions. Upon accessing the generated routing entry in the modified routing table responsive to a subsequent lookup request for the source address, the set of caches is modified to include the generated routing entry. 1. A computer-implemented method for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the method comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein at least a first bridge element of the plurality of bridge elements has an associated set of caches;upon determining that the routing table in the first switch module does not include a routing entry for the source address, generating a routing entry for the source address, based on routing information determined for the source address, wherein the routing table in the first switch module is modified, based on the plurality of hash functions, to include the routing entry generated for the source address; andupon accessing the generated routing entry in the modified routing table responsive to a subsequent lookup ...

HASHING-BASED ROUTING TABLE MANAGEMENT

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions. 1. A computer-implemented method for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the method comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions;upon determining that the routing table in the first switch module does not include a routing entry for the source address, generating a routing entry for the source address, based on routing information determined for the source address; andmodifying the routing table in the first switch module based on the plurality of hash functions, to include the routing entry generated for the source address.2. The computer-implemented method of claim 1 , wherein each hash function is distinct claim 1 , wherein each bucket stores a plurality of routing entries claim 1 , wherein each set of buckets is stored in a respective hash table of the routing table in the first switch module.3. The computer-implemented method of claim 2 , wherein the generated routing entry stores a routing key included within a header of the first frame claim 2 , ...

Management of routing tables shared by logical switch partitions in a distributed network switch

Techniques are provided for managing a routing table in a distributed network switch. The distributed network switch is divided into logical switch partitions, or logical networks, that may share a routing table. The shared routing table is configured with counters and thresholds to control utilization of the routing table on a per-logical network basis. When counters exceed certain threshold, the routing table is modified to reduce routing entries within the routing table or pause insertion of new routing entries.

IDENTIFICATION OF QOS CLASSIFICATION BASED ON PACKET ATTRIBUTES

A method, a system, and a computer program product is disclosed for identifying a quality of service (QoS) classification of a packet in a network by a network processor. The method comprising: providing a table wherein a priority value with a maximum of N values is used as an index into the table to retrieve a QoS classification having a maximum of M values with M less than N; receiving a data packet in a stream of data packets; extracting at least two priority indicator values from the packet; converting the at least two priority indicator values into a priority value; utilizing the priority value as an index into the table; extracting the entry in the table corresponding to the priority value as the QoS classification of the packet; and utilizing the QoS classification for subsequent processing of the data packet.

Sliced routing table management

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, where the routing table is divided into slices of buckets, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions and properties of the slices.

APPARATUS AND METHOD FOR CACHING LOOKUPS BASED UPON TCP TRAFFIC FLOW CHARACTERISTICS

The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

Techniques for connecting an external network coprocessor to a network processor packet parser

A network processor includes first communication protocol ports that each support M minimum size packet data path traffic on N lanes at S Gigabits per second (Gbps) and traffic with different communication protocol units on n additional lanes at s Gbps. The first communication protocol ports support access to an external coprocessor using parsing logic located in each of the first communication protocol ports. The parsing logic, during a parsing period, is configured to send a request to the external coprocessor at reception of a M size packet and to receive a response from the external coprocessor. The parsing logic sends a request maximum m size byte word to the external coprocessor on one of the additional lanes and receives a response maximum m size byte word from the external coprocessor on the one of the additional lanes while complying with the equation N×S/M= Подробнее

Techniques for Connecting an External Network Coprocessor to a Network Processor Packet Parser

A network processor includes first communication protocol ports that each support ‘M’ minimum size packet data path traffic on ‘N’ lanes at ‘S’ Gigabits per second (Gbps) and traffic with different communication protocol units on ‘n’ additional lanes at ‘s’ Gbps. The first communication protocol ports support access to an external coprocessor using parsing logic located in each of the first communication protocol ports. The parsing logic, during a parsing period, is configured to send a request to the external coprocessor at reception of a ‘M’ size packet and to receive a response from the external coprocessor. The parsing logic sends a request maximum ‘m’ size byte word to the external coprocessor on one of the additional lanes and receives a response maximum ‘m’ size byte word from the external coprocessor on the one of the additional lanes while complying with the equation N×S/M= Подробнее

PRIORITY RESOLUTION FOR ACCESS CONTROL LIST POLICIES IN A NETWORKING DEVICE

Access control lists (ACLs) permit network administrators to manage network traffic flowing through a networking element to optimize network security, performance, quality of service (QoS), and the like. If a networking element has multiple ACLs directed towards different types of network optimization, each ACL may return a separate action set that identifies one or more actions the networking element should perform based on a received frame. In some cases, these action sets may conflict. To resolve the conflicts, a networking element may include resolution logic that selects one of the conflicting actions based on a predefined precedence value assigned to each action in an action set. By comparing the different precedence values, the resolution logic generates a new action set based on the actions with the highest precedence value.

System and Method for Multicore Communication Processing

A system and method for multicore processing of communications between data processing devices are provided. With the mechanisms of the illustrative embodiments, a set of techniques that enables sustaining media speed by distributing transmit and receive-side processing over multiple processing cores is provided. In addition, these techniques also enable designing multi-threaded network interface controller (NIC) hardware that efficiently hides the latency of direct memory access (DMA) operations associated with data packet transfers over an input/output (I/O) bus. Multiple processing cores may operate concurrently using separate instances of a communication protocol stack and device drivers to process data packets for transmission with separate hardware implemented send queue managers in a network adapter processing these data packets for transmission. Multiple hardware receive packet processors in the network adapter may be used, along with a flow classification engine, to route received ...

Selection of receive-queue based on packet attributes

According to embodiments of the invention, there is provided a method for operating a network processor. The network processor receiving a first data packet in a stream of data packets and a set of receive-queues adapted to store receive data packets. The network processor processing the first data packet by reading a flow identification in the first data packet; determining a quality of service for the first data packet; mapping the flow identification and the quality of service into an index for selecting a first receive-queue for routing the first data packet; and utilizing the index to route the first data packet to the first receive-queue.

Host Ethernet Adapter for Handling Both Endpoint and Network Node Communications

A host Ethernet adapter (HEA) and method of managing network communications is provided. The HEA includes a host interface configured for communication with a multi-core processor over a processor bus. The host interface comprises a receive processing element including a receive processor, a receive buffer and a scheduler for dispatching packets from the receive buffer to the receive processor; a send processing element including a send processor and a send buffer; and a completion queue scheduler (CQS) for dispatching completion queue elements (CQE) from the head of the completion queue (CQ) to threads of the multi-core processor in a network node mode. The method comprises operatively coupling an Ethernet adapter to a multi-core processor system via a processor bus, selectively assigning a first plurality of packets to a first queue pair for servicing in an endpoint mode, running a device driver on the multi-core processing system, the device driver controlling the servicing of the first queue pair by dispatching the first plurality of packets to only one processor core of the multi-core processor system, selectively assigning a second plurality of packets to a second queue pair for servicing in a network node mode; and the Ethernet adapter controlling the servicing of the second queue pair by dispatching the second plurality of packets to multiple processor threads. 1. A method of managing network communications , comprising:operatively coupling an Ethernet adapter to a multi-core processor system via a processor bus;selectively assigning a first plurality of packets to a first queue pair for servicing in an endpoint mode;running a device driver on the multi-core processing system, the device driver controlling the servicing of the first queue pair by dispatching the first plurality of packets to only one processor core of the multi-core processor system;selectively assigning a second plurality of packets to a second queue pair for servicing in a network node ...

CACHED ROUTING TABLE MANAGEMENT

Techniques are provided for cached routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry, based on a set of hash functions. Upon accessing the generated routing entry in the modified routing table responsive to a subsequent lookup request for the source address, the set of caches is modified to include the generated routing entry. 17.-. (canceled)8. A computer-readable storage medium containing a program which , when executed , performs an operation for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the operation comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein at least a first bridge element of the plurality of bridge elements has an associated set of caches;upon determining that the routing table in the first switch module does not include a routing entry for the source address, generating a routing entry for the source address, based on routing information determined for the source address, wherein the routing table in the first switch module is modified, based on the plurality of hash functions, to include the routing entry generated for the source address; andupon accessing the ...

Priority Based Flow Control Within a Virtual Distributed Bridge Environment

Systems and methods to communicate data frames are provided. A particular apparatus may include a first adapter having a first queue configured to store a data frame associated with a first priority. The adapter is configured to generate a first priority pause frame. A distributed virtual bridge may be coupled to the first adapter. The distributed virtual bridge may include an integrated switch router and a first transport layer module configured to provide a frame-based interface to the integrated switch router. The transport layer module may include a first buffer associated with the first priority. A first bridge element of the distributed virtual bridge may be coupled to the first adapter queue and to the first transport layer module. The first bridge element is configured to receive the first priority pause frame from the adapter and to communicate an interrupt signal to the first transport layer module to interrupt delivery of the data frame to the first queue.

SLICED ROUTING TABLE MANAGEMENT WITH REPLICATION

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table. 17.-. (canceled)8. A computer-readable storage medium containing a program which , when executed , performs an operation for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the operation comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein each set of buckets is divided into a plurality of subgroups of buckets, each subgroup having a respective property; andupon accessing a routing entry for the source address in a first subgroup of a first set of buckets of the routing table responsive to a first subsequent lookup request for the source address, and determining that the property of the first subgroup satisfies a replication condition, replicating the accessed routing entry to at least a second set of buckets of the routing table.9. The computer-readable storage medium of claim 8 , ...

Merging result from a parser in a network processor with result from an external coprocessor

A mechanism is provided for merging in a network processor results from a parser and results from an external coprocessor providing processing support requested by said parser. The mechanism enqueues in a result queue both parser results needing to be merged with a coprocessor result and parser results which have no need to be merged with a coprocessor result. An additional queue is used to enqueue the addresses of the result queue where the parser results are stored. The result from the coprocessor is received in a simple response register. The coprocessor result is read by the result queue management logic from the response register and merged to the corresponding incomplete parser result read in the result queue at the address enqueued in the additional queue.

Flow distribution algorithm for aggregated links in an ethernet switch

Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet.

SLICED ROUTING TABLE MANAGEMENT WITH REPLICATION

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table. 1. A computer-implemented method for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the method comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein each set of buckets is divided into a plurality of subgroups of buckets, each subgroup having a respective property; andupon accessing a routing entry for the source address in a first subgroup of a first set of buckets of the routing table responsive to a first subsequent lookup request for the source address, and determining that the property of the first subgroup satisfies a replication condition, replicating the accessed routing entry to at least a second set of buckets of the routing table.2. The computer-implemented method of claim 1 , wherein each subgroup includes one or more buckets claim 1 , wherein the routing entry is ...

Sliced routing table management with replication

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table.

Identification of QoS classification based on packet attributes

A method, a system, and a computer program product is disclosed for identifying a quality of service (QoS) classification of a packet in a network by a network processor. The method comprising: providing a table wherein a priority value with a maximum of N values is used as an index into the table to retrieve a QoS classification having a maximum of M values with M less than N; receiving a data packet in a stream of data packets; extracting at least two priority indicator values from the packet; converting the at least two priority indicator values into a priority value; utilizing the priority value as an index into the table; extracting the entry in the table corresponding to the priority value as the QoS classification of the packet; and utilizing the QoS classification for subsequent processing of the data packet.

Cached routing table management

Techniques are provided for cached routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry, based on a set of hash functions. Upon accessing the generated routing entry in the modified routing table responsive to a subsequent lookup request for the source address, the set of caches is modified to include the generated routing entry.

SELECTION OF RECEIVE-QUEUE BASED ON PACKET ATTRIBUTES

According to embodiments of the invention, there is provided a method for operating a network processor. The network processor receiving a first data packet in a stream of data packets and a set of receive-queues adapted to store receive data packets. The network processor processing the first data packet by reading a flow identification in the first data packet; determining a quality of service for the first data packet; mapping the flow identification and the quality of service into an index for selecting a first receive-queue for routing the first data packet; and utilizing the index to route the first data packet to the first receive-queue. 16-. (canceled)7. A method for operating a network processor comprising:receiving a first data packet in a stream of data packets;processing the first data packet by reading a flow identification in the first data packet;determining a quality of service for the first data packet;mapping the flow identification and the quality of service into an index for selecting a first receive-queue in a set of receive-queues adapted to store receive data packets for routing the first data packet; andutilizing the index to route the first data packet to the first receive-queue.8. The method of further comprising:utilizing a hashing function against the flow identification to construct the index.9. The method of further comprising:utilizing a classification function accessing a ternary content addressable memory for the first data packet.10. The method of further comprising:utilizing a quality of service function for identifying the quality of service.11. The method of further comprising:utilizing a parser for decoding the first data packet; andsending a set of information to a set or other processing units for further processing.12. The method of claim 11 , wherein the set of information further comprising:including a logical port identification and a logical port configuration table.1318-. (canceled) This invention claims priority to the ...

MANAGEMENT OF ROUTING TABLES SHARED BY LOGICAL SWITCH PARTITIONS IN A DISTRIBUTED NETWORK SWITCH

Techniques are provided for managing a routing table in a distributed network switch. The distributed network switch is divided into logical switch partitions, or logical networks, that may share a routing table. The shared routing table is configured with counters and thresholds to control utilization of the routing table on a per-logical network basis. When counters exceed certain threshold, the routing table is modified to reduce routing entries within the routing table or pause insertion of new routing entries. 1. A computer-implemented method for routing table management in a distributed network switch having a plurality of switch modules , wherein each switch module comprises a plurality of bridge elements and a routing table , wherein the routing table in each switch module is shared among the plurality of bridge elements in the respective switch module , wherein the plurality of switch modules are logically partitioned into a plurality of logical networks , the method comprising:receiving, by a first switch module, a first frame having a source address and a destination address, wherein the first frame is associated with a first logical network of the plurality of logical networks;upon determining that the routing table of the first switch module does not include a routing entry for the source address, modifying the routing table in the first switch module to include a first routing entry having routing information determined for the source address and the first logical network;updating a count of routing entries in the routing table that are associated with the first logical network; andupon determining that the count of routing entries associated with the first logical network exceeds a first threshold value associated with the first logical network, modifying the routing table to invalidate a second routing entry in the routing table based on the second routing entry being associated with the first logical network.2. The computer-implemented method of ...

Synchronizing routing tables in a distributed network switch

Techniques are provided for routing table synchronization for a distributed network switch. In one embodiment, a first frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a first switch module, routing information is determined for the source address and a routing entry is generated. An indication is sent to a second switch module, to request a routing entry for the source address to be generated in the second switch module, based on the routing information.

Assignment Constraint Matrix for Assigning Work From Multiple Sources to Multiple Sinks

An assignment constraint matrix method and apparatus used in assigning work, such as data packets, from a plurality of sources, such as data queues in a network processing device, to a plurality of sinks, such as processor threads in the network processing device. The assignment constraint matrix is implemented as a plurality of qualifier matrixes adapted to operate simultaneously in parallel. Each of the plurality of qualifier matrixes is adapted to determine sources in a subset of supported sources that are qualified to provide work to a set of sinks based on assignment constraints. The determination of qualified sources may be based sink availability information that may be provided for a set of sinks on a single chip or distributed on multiple chips.

Assignment constraint matrix for assigning work from multiple sources to multiple sinks

An assignment constraint matrix is used in assigning work, such as data packets, from a plurality of sources, such as data queues in a network processing device, to a plurality of sinks, such as processor threads in the network processing device. The assignment constraint matrix is implemented as a plurality of qualifier matrixes adapted to operate simultaneously in parallel. Each of the plurality of qualifier matrixes is adapted to determine sources in a subset of supported sources that are qualified to provide work to a set of sinks based on assignment constraints. The determination of qualified sources may be based sink availability information that may be provided for a set of sinks on a single chip or distributed on multiple chips.

USING SPECIAL-CASE HARDWARE UNITS FOR FACILITATING ACCESS CONTROL LISTS ON A NETWORKING ELEMENT

Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied. 1. A method , comprising:evaluating a portion of received network traffic using a comparator unit of a networking element, the comparator unit comprising one or more hardware units for determining whether the network traffic portion satisfies a condition associated with an access control list (ACL);transmitting a result of evaluating the network traffic portion using the comparator unit to a content addressable memory (CAM); andupon determining that the result satisfies an entry in the CAM, selecting one or more actions corresponding to the satisfied entry to be performed by the networking element, wherein the one or more actions are part of the ACL.2. The method of claim 1 , further comprising:evaluating respective portions of received network traffic using a plurality of comparator units of the networking element, each comparator unit comprising one or more hardware units for determining whether the respective network traffic portions satisfy a plurality of conditions associated with the ACL,wherein the result is a bit vector, wherein each bit in the bit vector indicates whether one of the respective ...

Priority resolution for access control list policies in a networking device

Access control lists (ACLs) permit network administrators to manage network traffic flowing through a networking element to optimize network security, performance, quality of service (QoS), and the like. If a networking element has multiple ACLs directed towards different types of network optimization, each ACL may return a separate action set that identifies one or more actions the networking element should perform based on a received frame. In some cases, these action sets may conflict. To resolve the conflicts, a networking element may include resolution logic that selects one of the conflicting actions based on a predefined precedence value assigned to each action in an action set. By comparing the different precedence values, the resolution logic generates a new action set based on the actions with the highest precedence value.

Hashing-based routing table management

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions.

Cached routing table management

Techniques are provided for cached routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry, based on a set of hash functions. Upon accessing the generated routing entry in the modified routing table responsive to a subsequent lookup request for the source address, the set of caches is modified to include the generated routing entry.

Caching lookups based upon TCP traffic flow characteristics

The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first Frequent Flyer packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

Address data learning and registration within a distributed virtual bridge

Systems and methods to forward data frames are provided. A particular apparatus may include a plurality of server computers and a distributed virtual bridge. The distributed virtual bridge may include a plurality of bridge elements coupled to the plurality of server computers and configured to forward a data frame between the plurality of server computers. The plurality of bridge elements may further be configured to automatically learn address data associated with the data frame. A controlling bridge may be coupled to the plurality of bridge elements. The controlling bridge may include a global forwarding table that is automatically updated to include the address data and is accessible to the plurality of bridge elements.

SYNCHRONIZING ROUTING TABLES IN A DISTRIBUTED NETWORK SWITCH

Techniques are provided for routing table synchronization for a distributed network switch. In one embodiment, a first frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a first switch module, routing information is determined for the source address and a routing entry is generated. An indication is sent to a second switch module, to request a routing entry for the source address to be generated in the second switch module, based on the routing information. 17.-. (canceled)8. A computer program product , comprising: computer-readable program code configured to receive, by the first switch module, a first frame having a source address and a destination address, wherein each switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in each switch module is shared among the plurality of bridge elements in the respective switch module; and', determine routing information for the source address;', 'generate the routing entry for the source address in the routing table of the first switch module, based on the routing information; and', 'send, to the second switch module, an indication to generate a corresponding entry in the routing table of the second switch module for the source address, based on the routing information., 'computer-readable program code configured to, upon determining that the routing table of the first switch module does not include a routing entry for the source address], 'a computer-readable storage medium having computer-readable program code embodied therewith for routing table synchronization in a distributed network switch that includes a first switch module and a second switch module, the computer-readable program code comprising9. The computer program product of claim 8 , wherein a broadcast domain of the first switch module is flooded with the first frame claim 8 , and wherein the routing table of the second ...

ATOMICALLY UPDATING TERNARY CONTENT ADDRESSABLE MEMORY-BASED ACCESS CONTROL LISTS

Embodiments described herein provide techniques for atomically updating a ternary content addressable memory (TCAM)-based access control list (ACL). According to one embodiment, a current version bit of the ACL is determined. The current version bit indicates that a rule in the ACL is active is the version flag in the rule matches the current version bit. Through these techniques, a first set of rules can be modified to create a second set of rules (e.g., by insertions, deletions, and replacements, etc.). 17-. (canceled)8. A system , comprising:a processor; and receiving an update to apply to the access control list;', 'identifying a first group of entries in the TCAM using an active version bit, wherein each entry in the first group has a ternary flag has a value matching a current value of the active version bit, wherein the ternary flag value indicates one of matching, not matching, or always matching the active version bit;', 'updating the ternary flag value of one or more entries in the TCAM to define a second group of entries, wherein each entry in the second group of entries has ternary flag value of either not matching or always matching; and', 'atomically performing the update by inverting the value of the active version bit., 'a memory storing a program, which, when executed on the processor, performs an operation for atomically updating an access control list stored in a ternary content addressable memory (TCAM), the operation comprising9. The system of claim 8 , wherein the operation further comprises claim 8 , updating the ternary flag in each TCAM entry of the second group to match the inverted value of the active version bit.10. The system of claim 8 , wherein the update inserts one or more entries in the TCAM claim 8 , and wherein updating the ternary flag of the one or more entries comprises:inserting one or more entries in the TCAM, wherein the ternary flag of each inserted entry has a value that does not match the value of the active version bit; ...

HASHING-BASED ROUTING TABLE MANAGEMENT

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions. 17.-. (canceled)8. A computer program product for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the computer program product comprising: computer-readable program code configured to receive, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions;', 'computer-readable program code configured to, upon determining that the routing table in the first switch module does not include a routing entry for the source address, generate a routing entry for the source address, based on routing information determined for the source address; and', 'computer-readable program code configured to modify the routing table in the first switch module based on the plurality of hash functions, to include the routing entry generated for the source address., 'a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code comprising9. The computer program product of claim 8 , wherein each hash function is distinct claim 8 , wherein each bucket stores a ...

Sliced routing table management

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, where the routing table is divided into slices of buckets, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions and properties of the slices.

BUFFER MANAGEMENT SCHEME FOR A NETWORK PROCESSOR

The invention provides a method for adding specific hardware on both receive and transmit sides that will hide to the software most of the effort related to buffer and pointers management. At initialization, a set of pointers and buffers is provided by software, in quantity large enough to support expected traffic. A Send Queue Replenisher (SQR) and Receive Queue Replenisher (RQR) hide RQ and SQ management to software. RQR and SQR fully monitor pointers queues and perform recirculation of pointers from transmit side to receive side. 110-. (canceled)11. A network processor for managing packets , the network processor comprising:a receive queue replenisher (RQR) for maintaining a hardware managed receive queue the receive queue being suitable for handling a first pointer to a memory location for storing a packet which has been received;a send queue replenisher (SQR) for maintaining a hardware managed send queue, the send queue being suitable for handling a first send element, the first send element comprising a second pointer to the memory location where the packet has been processed and is ready to be sent;a queue manager for, in response to the packet having been sent, receiving the first send element from the send queue and sending the first send element to the RQR, for the RQR to add the second pointer to the receive queue so that the memory location can be reused for storing another packet.12. The network processor of wherein the first send element in the send queue further comprises an identifier of the receive queue claim 11 , so as to indicate to the RQR to which receive queue the second pointer should be added.13. The network processor of claim 11 , wherein the receive queue and the send queue belong to different queue pairs claim 11 , and wherein the receive queue identifier further comprises information for determining the queue pair to which the receive queue belongs.14. The network processor of claims 11 , wherein multiple software threads can run claims ...

PACKET ROUTING WITH ANALYSIS ASSIST FOR EMBEDDED APPLICATIONS SHARING A SINGLE NETWORK INTERFACE OVER MULTIPLE VIRTUAL NETWORKS

Techniques are provided for packet routing in a distributed network switch. The distributed network switch includes multiple switch modules operatively connected to one another, and each switch module includes multiple bridge elements and a management controller. In one embodiment, a shared interface routing (SIR) framework is provided that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer. A packet is received over a first logical network and via a physical port, the packet being destined for at least a first application executing on the management controller. The analysis assist layer analyzes the packet to determine a reason code to assign to the packet. The analysis and bifurcation layer then analyzes the packet based at least in part on the reason code. 17.-. (canceled)8. A computer program product , comprising: computer-readable program code configured to provide a shared interface routing (SIR) framework that includes an analysis and bifurcation layer, at least one packet interface, and an analysis assist layer;', 'computer-readable program code configured to receive, by the first packet interface, a packet from a first logical network and via a physical port, destined for at least a first application executing on the management controller, wherein the physical port is configured to be shared between a plurality of applications executing on the management controller to send or receive traffic over a plurality of logical networks, wherein the plurality of logical networks includes the first logical network;', 'computer-readable program code configured to analyze, by the analysis assist layer of the SIR framework, the packet to determine a reason code to assign to the packet; and', 'computer-readable program code configured to analyze, by the analysis and bifurcation layer of the SIR framework, the reason code assigned to the packet, wherein the packet is sent to the at least one packet interface based on ...

Message forwarding toward a source end node in a converged network environment

A network node that forwards traffic of a converged network received from a source end node receives a second message addressed to the network node, but intended for the source end node. The second message includes at least a portion of a first message originated by the source end node and previously forwarded by the network node. The network node extracts from the first message a source identifier of the source end node in a first communication protocol and determines by reference to a data structure a destination address of the second message in a second communication protocol. The network node modifies the second message to include the destination address and forwards the second message toward the source end node in accordance with the destination address.

Host ethernet adapter for handling both endpoint and network node communications

A host Ethernet adapter (HEA) and method of managing network communications is provided. The HEA includes a host interface configured for communication with a multi-core processor over a processor bus. The host interface comprises a receive processing element including a receive processor, a receive buffer and a scheduler for dispatching packets from the receive buffer to the receive processor; a send processing element including a send processor and a send buffer; and a completion queue scheduler (CQS) for dispatching completion queue elements (CQE) from the head of the completion queue (CQ) to threads of the multi-core processor in a network node mode. The method comprises operatively coupling an Ethernet adapter to a multi-core processor system via a processor bus, selectively assigning a first plurality of packets to a first queue pair for servicing in an endpoint mode, running a device driver on the multi-core processing system, the device driver controlling the servicing of the first ...

Method and system for maintaining and examining timers for network connections

System and method for maintenance and examination of timers for a computer system having connections in a networking system. Timer values in a connection table each indicate a timeout for a timer for a connection, where each connection has multiple timers, and one of the timer values is written to a global timer array for each connection such that the global timer array can be scanned to determine when timeouts occur for active connections. Sparse restart of a timer includes restarting the timer if data is communicated with a connected computer before the timeout occurs and after a predetermined time interval after timer start, and not restarting the timer if data is communicated before the timeout occurs and within the predetermined interval after timer start.

Data Frame Forwarding Using a Distributed Virtual Bridge

Systems and methods to forward data frames are provided. A particular method may include receiving a data frame at a distributed virtual bridge. The distributed virtual bridge includes a first bridge element coupled to a first server computer and a second bridge element coupled to the first bridge element and to a second server computer. The distributed virtual bridge further includes a controlling bridge coupled to the first bridge element and to the second bridge element. The controlling bridge includes a global forwarding table. The data frame is forwarded from the first bridge element to the second bridge element of the distributed virtual bridge using address data associated with the data frame. A logical network associated with the frame may additionally be used to forward the data frame.

Smart dumping of network switch forwarding database

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries.

Network control software notification with advance learning

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch detects packets sent by a new or migrated virtual machine, and sends a copy of a detected packet to the network control software as a notification. The switch further learns the source MAC address, thereby permitting the entry to be used for normal forwarding prior to validation of the entry and the VM associated therewith by the network control software. Until the network control software has validated the VM, the switch may periodically retry the notification to the network control software. “No_Redirect” and “Not_Validated” flags may be used to indicate whether a notification has already been attempted and thus no retry is necessary, and that the VM associated with the VM has not yet been validated, respectively.

Network control software notification and invalidation of static entries

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

Synchronization Optimized Queuing System

A synchronization optimized queuing method and device to minimize software/hardware interaction in network interface hardware during an end-of-initiative process, including network adapter queue implementations for network interface hardware for optimized communication in a computer system. An end-of-initiative procedure to ensure that the network interface hardware has received an interrupt enable and to recheck the interrupt queue is unnecessary in the present invention.

FLOW DISTRIBUTION ALGORITHM FOR AGGREGATED LINKS IN AN ETHERNET SWITCH

Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet. 1. A computer-readable storage medium having computer-readable program code embodied therewith , the computer-readable program code comprising:computer-readable program code configured to generate a hash value based on routing information of a data frame;computer-readable program code configured to divide the hash value into a plurality of chunks, wherein values of the plurality of chunks correspond to a plurality of links associated with a link aggregation group;computer-readable program code configured to determine a selected link having an up state from the plurality of links based on a hierarchical order of the plurality of chunks; andcomputer-readable program code configured to forward the data frame to the selected link.2. The computer-readable storage medium of claim 1 , wherein the computer-readable program code configured to divide the hash value into a plurality of chunks further comprises computer-readable program code to modify each of the plurality of chunks based on a number of the plurality of links.3. The computer-readable storage medium of claim 2 , wherein the computer-readable program code configured to modify a chunk further comprises computer-readable program code configured to reduce a most significant bit of the chunk based on the number of the plurality of links.4. The computer-readable storage medium of claim 1 , wherein the computer-readable program code configured to determine the selected link ...

SYNCHRONIZING ROUTING TABLES IN A DISTRIBUTED NETWORK SWITCH

Techniques are provided for routing table synchronization for a distributed network switch. In one embodiment, a first frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a first switch module, routing information is determined for the source address and a routing entry is generated. An indication is sent to a second switch module, to request a routing entry for the source address to be generated in the second switch module, based on the routing information. 1. A computer-implemented method for routing table synchronization in a distributed network switch that includes a first switch module and a second switch module , wherein the method comprises:receiving, by the first switch module, a first frame having a source address and a destination address, wherein each switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in each switch module is shared among the plurality of bridge elements in the respective switch module; and determining routing information for the source address;', 'generating the routing entry for the source address in the routing table of the first switch module, based on the routing information; and', 'sending, to the second switch module, an indication to generate a corresponding entry in the routing table of the second switch module for the source address, based on the routing information., 'upon determining that the routing table of the first switch module does not include a routing entry for the source address2. The computer-implemented method of claim 1 , wherein a broadcast domain of the first switch module is flooded with the first frame claim 1 , and wherein the routing table of the second switch module is updated to include the corresponding entry for the source address claim 1 , without flooding a broadcast domain of the second switch module with any response frame.3. The computer-implemented method of ...

Address Data Learning and Registration Within a Distributed Virtual Bridge

Systems and methods to forward data frames are provided. A particular apparatus may include a plurality of server computers and a distributed virtual bridge. The distributed virtual bridge may include a plurality of bridge elements coupled to the plurality of server computers and configured to forward a data frame between the plurality of server computers. The plurality of bridge elements may further be configured to automatically learn address data associated with the data frame. A controlling bridge may be coupled to the plurality of bridge elements. The controlling bridge may include a global forwarding table that is automatically updated to include the address data and is accessible to the plurality of bridge elements.

Priority based flow control within a virtual distributed bridge environment

Systems and methods to communicate data frames are provided. A particular apparatus may include a first adapter having a first queue configured to store a data frame associated with a first priority. The adapter is configured to generate a first priority pause frame. A distributed virtual bridge may be coupled to the first adapter. The distributed virtual bridge may include an integrated switch router and a first transport layer module configured to provide a frame-based interface to the integrated switch router. The transport layer module may include a first buffer associated with the first priority. A first bridge element of the distributed virtual bridge may be coupled to the first adapter queue and to the first transport layer module. The first bridge element is configured to receive the first priority pause frame from the adapter and to communicate an interrupt signal to the first transport layer module to interrupt delivery of the data frame to the first queue.

SLICED ROUTING TABLE MANAGEMENT WITH REPLICATION

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received by a switch module having bridge elements and a routing table divided into slices of buckets, each slice having a respective property and including one or more buckets. If a routing entry for the source address is found in a first slice of a first set of buckets of the routing table responsive to a lookup request for the source address, and the property of the first slice satisfies a replication condition, then the routing entry is replicated to a second set of buckets of the routing table. 1. A computer-readable storage medium containing a program which , when executed , performs an operation for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the operation comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions, wherein each set of buckets is divided into a plurality of subgroups of buckets, each subgroup having a respective property;upon determining, responsive to an initial lookup request for the source address, that the routing table does not include any routing entry for the source address, generating a routing entry for the source address in a first subgroup of a first set of buckets of the routing table, without replicating the routing entry to any other set of buckets of the routing table; andupon accessing the routing entry for the source address in the first subgroup of ...

Network control software notification and invalidation of static entries

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

Management of routing tables shared by logical switch partitions in a distributed network switch

Techniques are provided for managing a routing table in a distributed network switch. The distributed network switch is divided into logical switch partitions, or logical networks, that may share a routing table. The shared routing table is configured with counters and thresholds to control utilization of the routing table on a per-logical network basis. When counters exceed certain threshold, the routing table is modified to reduce routing entries within the routing table or pause insertion of new routing entries.

Synchronization optimized queuing system

A synchronization optimized queuing method and device to minimize software/hardware interaction in network interface hardware during an end-of-initiative process, including network adapter queue implementations for network interface hardware for optimized communication in a computer system. An end-of-initiative procedure to ensure that the network interface hardware has received an interrupt enable and to recheck the interrupt queue is unnecessary in the present invention.

Data frame forwarding using a distributed virtual bridge

Systems and methods to forward data frames are provided. A particular method may include receiving a data frame at a distributed virtual bridge. The distributed virtual bridge includes a first bridge element coupled to a first server computer and a second bridge element coupled to the first bridge element and to a second server computer. The distributed virtual bridge further includes a controlling bridge coupled to the first bridge element and to the second bridge element. The controlling bridge includes a global forwarding table. The data frame is forwarded from the first bridge element to the second bridge element of the distributed virtual bridge using address data associated with the data frame. A logical network associated with the frame may additionally be used to forward the data frame.

Providing to a Parser and Processors in a Network Processor Access to an External Coprocessor

A mechanism is provided for sharing a communication used by a parser (parser path) in a network adapter of a network processor for sending requests for a process to be executed by an external coprocessor. The parser path is shared by processors of the network processor (software path) to send requests to the external processor. The mechanism uses for the software path a request mailbox comprising a control address and a data field accessed by MMIO for sending two types of messages, one message type to read or write resources and one message type to trigger an external process in the coprocessor and a response mailbox for receiving response from the external coprocessor comprising a data field and a flag field. The other processors of the network poll the flag until set and get the coprocessor result in the data field.

SLICED ROUTING TABLE MANAGEMENT

Techniques are provided for hash-based routing table management in a distributed network switch. A frame having a source address and a destination address is received. If no routing entry for the source address is found in a routing table of a switch module in the distributed network switch, where the routing table is divided into slices of buckets, then routing information is determined for the source address and a routing entry is generated. The routing table is modified to include the routing entry and based on a set of hash functions and properties of the slices. 1. A computer-implemented method for hash-based routing table management in a distributed network switch comprising a plurality of switch modules including a first switch module , the method comprising:receiving, by the first switch module, a first frame having a source address and a destination address, wherein the first switch module comprises a plurality of bridge elements and a routing table, wherein the routing table in the first switch module is shared among the plurality of bridge elements in the first switch module and includes a plurality of sets of buckets, wherein each set of buckets is associated with a respective hash function of a plurality of hash functions and is divided into a plurality of slices of buckets, each slice having a respective property and including one or more buckets; andupon determining that the routing table in the first switch module does not include a routing entry for the source address, generating a routing entry for the source address, based on routing information determined for the source address, wherein the routing table in the first switch module is modified, based on the plurality of hash functions and the respective properties of the plurality of slices, to include the routing entry generated for the source address.2. The computer-implemented method of claim 1 , wherein access to the plurality of slices of each set of buckets is managed by an arbiter component ...

MESSAGE FORWARDING TOWARD A SOURCE END NODE IN A CONVERGED NETWORK ENVIRONMENT

A network node that forwards traffic of a converged network received from a source end node receives a second message addressed to the network node, but intended for the source end node. The second message includes at least a portion of a first message originated by the source end node and previously forwarded by the network node. The network node extracts from the first message a source identifier of the source end node in a first communication protocol and determines by reference to a data structure a destination address of the second message in a second communication protocol. The network node modifies the second message to include the destination address and forwards the second message toward the source end node in accordance with the destination address. 16-. (canceled)7. A program product , comprising:a tangible machine-readable storage medium; and receiving a second message addressed to the network node, but intended for the source end node, the second message including at least a portion of a first message originated by the source end node and previously forwarded by the network node;', 'extracting from the first message a source identifier of the source end node in a first communication protocol;', 'determining by reference to a data structure a destination address of the second message in a second communication protocol; and', 'modifying the second message to include the destination address and forwarding the second message toward the source end node in accordance with the destination address., 'program code stored within the tangible machine-readable storage medium that, when processed by a network node that forwards traffic of a converged network received from a source end node, causes the network node to perform8. The program product of claim 7 , wherein:the first communication protocol is Fibre Channel;the second communication protocol is Ethernet.9. The program product of claim 8 , wherein the network node is one of a set including a Fibre Channel ...

MESSAGE FORWARDING TOWARD A SOURCE END NODE IN A CONVERGED NETWORK ENVIRONMENT

A network node that forwards traffic of a converged network received from a source end node receives a second message addressed to the network node, but intended for the source end node. The second message includes at least a portion of a first message originated by the source end node and previously forwarded by the network node. The network node extracts from the first message a source identifier of the source end node in a first communication protocol and determines by reference to a data structure a destination address of the second message in a second communication protocol. The network node modifies the second message to include the destination address and forwards the second message toward the source end node in accordance with the destination address. 1. A method of data processing in a converged network , the method comprising:at a network node that forwards traffic of the converged network received from a source end node, receiving a second message addressed to the network node, but intended for the source end node, the second message including at least a portion of a first message originated by the source end node and previously forwarded by the network node;the network node extracting from the first message a source identifier of the source end node in a first communication protocol;the network node determining by reference to a data structure a destination address of the second message in a second communication protocol; andthe network node modifying the second message to include the destination address and forwarding the second message toward the source end node in accordance with the destination address.2. The method of claim 1 , wherein:the first communication protocol is Fibre Channel;the second communication protocol is Ethernet.3. The method of claim 2 , wherein the network node is one of a set including a Fibre Channel over Ethernet (FCoE) forwarder (FCF) and a FCoE Data Forwarder (FDF).4. The method of claim 2 , wherein:the first message is a ...

NETWORK CONTROL SOFTWARE NOTIFICATION WITH ADVANCE LEARNING

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch detects packets sent by a new or migrated virtual machine, and sends a copy of a detected packet to the network control software as a notification. The switch further learns the source MAC address, thereby permitting the entry to be used for normal forwarding prior to validation of the entry and the VM associated therewith by the network control software. Until the network control software has validated the VM, the switch may periodically retry the notification to the network control software. “No_Redirect” and “Not_Validated” flags may be used to indicate whether a notification has already been attempted and thus no retry is necessary, and that the VM associated with the VM has not yet been validated, respectively. 18.-. (canceled)9. One or more non-transitory computer-readable storage media storing instructions , which when executed by a client device and a server system , performs operations for notifying network control software of new and moved source media access control (MAC) addresses , comprising:determining that a received first packet includes either a new or moved source MAC address;inserting or updating an entry in a forwarding database, wherein the inserted or updated entry includes the source MAC address extracted from the first packet;transmitting a copy of the first packet as a notification to the network control software; andsetting a first flag and a second flag of the forwarding database entry, wherein the set first flag indicates that the network control software has been notified, and wherein the set second flag indicates that the network control software has not yet validated the source MAC address of the forwarding database entry.10. The computer-readable storage media of claim 9 , the operations further comprising claim 9 , forwarding the first packet to a target MAC address indicated in the first packet.11. The ...

Network control software notification and invalidation of static entries

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

NETWORK CONTROL SOFTWARE NOTIFICATION WITH DENIAL OF SERVICE PROTECTION

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. 18-. (canceled)9. One or more non-transitory computer-readable storage media storing instructions , which when executed by a client device and a server system , performs operations for notifying network control software of new and moved source media access control (MAC) addresses , comprising:receiving, by a switch device, a first packet;if the first packet includes a new source MAC address, inserting into a forwarding database a temporary entry which includes the source MAC address and a flag which is set to indicate that the network control software has been notified;if the first packet includes a moved source MAC address, updating an existing entry in the forwarding database which includes the source MAC address by setting the flag for the entry; andforwarding the first packet towards the network control software.10. The non-transitory computer-readable storage media of claim 9 , wherein the first packet is not forwarded towards a port associated with the target MAC address included in the first packet.11. The non-transitory computer-readable ...

NETWORK CONTROL SOFTWARE NOTIFICATION WITH DENIAL OF SERVICE PROTECTION

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. 1. A computer-implemented method for notifying network control software of new and moved source media access control (MAC) addresses , comprising:receiving, by a switch device, a first packet;if the first packet includes a new source MAC address, inserting into a forwarding database a temporary entry which includes the source MAC address and a flag which is set to indicate that the network control software has been notified;if the first packet includes a moved source MAC address, updating an existing entry in the forwarding database which includes the source MAC address by setting the flag for the entry; andforwarding the first packet towards the network control software.2. The method of claim 1 , wherein the first packet is not forwarded towards a port associated with the target MAC address included in the first packet.3. The method of claim 1 , wherein the temporary entry includes a field indicating the temporary status of the entry and wherein the temporary entry does not include routing information.4. The method of claim 1 , wherein the flag ...

Network control software notification and invalidation of static entries

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

Network control software notification with advance learning

Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch detects packets sent by a new or migrated virtual machine, and sends a copy of a detected packet to the network control software as a notification. The switch further learns the source MAC address, thereby permitting the entry to be used for normal forwarding prior to validation of the entry and the VM associated therewith by the network control software. Until the network control software has validated the VM, the switch may periodically retry the notification to the network control software. “No_Redirect” and “Not_Validated” flags may be used to indicate whether a notification has already been attempted and thus no retry is necessary, and that the VM associated with the VM has not yet been validated, respectively.

SMART DUMPING OF NETWORK SWITCH FORWARDING DATABASE

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries. 1. A computer program product for retrieving routing entries from a switch module , the computer program product comprising: computer-readable program code, executable by a processor, configured to receive, from a management controller, a request for at least one routing entry in a forwarding database (FDB) matching a specified criteria, wherein the request is associated with a first timeout value;', 'computer-readable program code configured to initiate a timer associated with the FDB having a value less than the first timeout value;', 'computer-readable program code configured to, responsive to determining a first routing entry in the FDB matches the specified criteria before expiration of the timer associated with the FDB, write the first routing entry to an output register;', 'computer-readable program code configured to, responsive to expiration of the timer associated with the FDB, write an indication that an FDB timeout has occurred to the output register;', 'computer-readable program code configured to assert a write operation to the output register is completed; and', 'computer-readable program code configured to generate a response frame, to the management controller, containing the value of the output register., 'a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code comprising2. The computer program product of claim 1 , wherein the specified criteria comprises a match value and a mask ...

SMART DUMPING OF NETWORK SWITCH FORWARDING DATABASE

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries. 1. A method for retrieving routing entries from a switch module , the method comprising:receiving, from a management controller, a request for at least one routing entry in a forwarding database (FDB) matching a specified criteria, wherein the request is associated with a first timeout value;initiating a timer associated with the FDB having a value less than the first timeout value;responsive to determining a first routing entry in the FDB matches the specified criteria before expiration of the timer associated with the FDB, writing the first routing entry to an output register;responsive to expiration of the timer associated with the FDB, writing an indication that an FDB timeout has occurred to the output register;asserting a write operation to the output register is completed; andgenerating a response frame, to the management controller, containing the value of the output register.2. The method of claim 1 , wherein the specified criteria comprises a match value and a mask value claim 1 , wherein the mask value specifies a portion of the first routing entry to compare to the match value.3. The method of claim 1 , wherein determining the first routing entry in the FDB matches the specified criteria before expiration of the timer associated with the FDB further comprises:modified the first routing entry based on a value in a mask register to select a portion of the first routing entry; anddetermining the selected portion of the first routing entry matches a value in a ...

SMART DUMPING OF NETWORK SWITCH FORWARDING DATABASE

Techniques are provided for retrieving entries from a routing table or a forwarding database in a distributed network switch. The forwarding database includes match and mask registers used to compare routing entries and return matching routing entries to a requesting management controller. The forwarding database uses a separate timeout value associated with the forwarding database to avoid timeout errors for general register operations, and allows for an asynchronous dump operation of routing entries. 1. A method for retrieving routing entries from a switch module , the method comprising:receiving, from a management controller, a request for at least one routing entry in a forwarding database (FDB) matching a specified criteria, wherein the request is associated with a first timeout value;initiating a timer associated with the FDB having a value less than the first timeout value;responsive to determining a first routing entry in the FDB matches the specified criteria before expiration of the timer associated with the FDB, writing the first routing entry to an output register; andgenerating a response frame, to the management controller, containing the value of the output register.2. The method of claim 1 , wherein the specified criteria comprises a match value and a mask value claim 1 , wherein the mask value specifies a portion of the first routing entry to compare to the match value.3. The method of claim 1 , wherein determining the first routing entry in the FDB matches the specified criteria before expiration of the timer associated with the FDB further comprises:modified the first routing entry based on a value in a mask register to select a portion of the first routing entry; anddetermining the selected portion of the first routing entry matches a value in a match register.4. The method of claim 1 , wherein generating the response frame claim 1 , to the management controller claim 1 , containing the value of the output register further comprises:generating ...

Atomically updating ternary content addressable memory-based access control lists

Embodiments described herein provide techniques for atomically updating a ternary content addressable memory (TCAM)-based access control list (ACL). According to one embodiment, a current version bit of the ACL is determined. The current version bit indicates that a rule in the ACL is active is the version flag in the rule matches the current version bit. Through these techniques, a first set of rules can be modified to create a second set of rules (e.g., by insertions, deletions, and replacements, etc.).

パケットにｑｏｓレベルを付するための方法、装置およびコンピュータ・プログラム

【課題】パケットにＱＯＳレベルを付するための方法、装置およびコンピュータ・プログラムを提供する。 【解決手段】連続ネットワーク・レイヤによる、入れ子のヘッダを含むマルチレイヤ・ネットワーク通信が構文解析され、ヘッダ群全体に亘って分散された、各個別レイヤのデータに対する優先度またはサービス品質要件（優先度標識値）に関する値が抽出される。集合されたデータ（合成集合優先度値）が、より低分解能の品質レベル値に対する異なった可能な合成集合優先度値がマップされた表に、適用される。優先度標識値または合成集合優先度値は、フィルタし、マスクし、または圧縮することができる。ある実施形態によれば、優先度標識値を格納する相異なるビット・サブセットが、パケットが関連付けられた論理ポートと、その論理ポートに適合する品質レベル値のマッピングを備える区別されたサブテーブルに適用される最終的な優先度標識値と、に基づいて選定される。 【選択図】図７

System and method for multicore communication processing

Priority resolution for access control list policies in a networking device

Access control lists (ACLs) permit network administrators to manage network traffic flowing through a networking element to optimize network security, performance, quality of service (QoS), and the like. If a networking element has multiple ACLs directed towards different types of network optimization, each ACL may return a separate action set that identifies one or more actions the networking element should perform based on a received frame. In some cases, these action sets may conflict. To resolve the conflicts, a networking element may include resolution logic that selects one of the conflicting actions based on a predefined precedence value assigned to each action in an action set. By comparing the different precedence values, the resolution logic generates a new action set based on the actions with the highest precedence value.