2840 results about "Packet processing" patented technology

In digital communications networks, packet processing refers to the wide variety of algorithms that are applied to a packet of data or information as it moves through the various network elements of a communications network. With the increased performance of network interfaces, there is a corresponding need for faster packet processing.

Runtime adaptable search processor

A runtime adaptable search processor is disclosed. The search processor provides high speed content search capability to meet the performance need of network line rates growing to 1 Gbps, 10 Gbps and higher. The search processor provides a unique combination of NFA and DFA based search engines that can process incoming data in parallel to perform the search against the specific rules programmed in the search engines. The processor architecture also provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. Further, a runtime adaptable processor is coupled to the protocol processing hardware and may be dynamically adapted to perform hardware tasks as per the needs of the network traffic being sent or received and/or the policies programmed or services or applications being supported. A set of engines may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner using a protocol processing hardware with appropriate security features.
Owner:MEMORY ACCESS TECH LLC

Runtime adaptable security processor

A runtime adaptable security processor is disclosed. The processor architecture provides capabilities to transport and process Internet Protocol (IP) packets from Layer 2 through transport protocol layer and may also provide packet inspection through Layer 7. Further, a runtime adaptable processor is coupled to the protocol processing hardware and may be dynamically adapted to perform hardware tasks as per the needs of the network traffic being sent or received and/or the policies programmed or services or applications being supported. A set of engines may perform pass-through packet classification, policy processing and/or security processing enabling packet streaming through the architecture at nearly the full line rate. A high performance content search and rules processing security processor is disclosed which may be used for application layer and network layer security. A scheduler schedules packets to packet processors for processing. An internal memory or local session database cache stores a session information database for a certain number of active sessions. The session information that is not in the internal memory is stored and retrieved to/from an additional memory. An application running on an initiator or target can in certain instantiations register a region of memory, which is made available to its peer(s) for access directly without substantial host intervention through RDMA data transfer. A security system is also disclosed that enables a new way of implementing security capabilities inside enterprise networks in a distributed manner using a protocol processing hardware with appropriate security features.
Owner:MEMORY ACCESS TECH LLC

Device for and method of wireless intrusion detection

A device for and method of detecting intrusion into a wireless network that includes a configuration file, a rules file, a main processor, a set packet processor, an initialize preprocessor, a parse rules file, an interface thread unit, a process packet unit, a decoder, a preprocess unit connected to the process packet unit; at least one preprocessor consisting of a rogue access point and transmit channel preprocessor, a NETSTUMBLER preprocessor, a MAC spoofing preprocessor, a DEAUTH flood preprocessor, an AUTH flood preprocessor, a rogue client preprocessor, a bridged network preprocessor, a rogue client valid access point preprocessor, a valid client rogue access point preprocessor, an ad-hoc network preprocessor, a wrong channel preprocessor, a cloaking policy violation preprocessor, an encryption policy violation preprocessor, and a null SSID association policy violation preprocessor; and a detector.
Owner:NATIONAL SECURITY AGENCY

Methods for performing packet classification via prefix pair bit vectors

Methods for performing packet classification via prefix pair bit vectors. Unique prefix pairs in an access control list (ACL) are identified, with each prefix pair comprising a unique combination of a source prefix and a destination prefix. Corresponding prefix pair bit vectors (PPBVs) are defined for each unique source prefix and unique destination prefix in the ACL, with each PPBV including a string of bits and each bit position in the string associated with a corresponding prefix pair. A list of transport field value combinations is associated with each prefix pair based on corresponding entries in the ACL. During packet-processing operations, PPBV lookups are made using the source and destination prefix header values, and the PPBVs are logically ANDed to identify applicable prefix pairs. A search is then performed on transport field value combinations corresponding to the prefix pairs and the packet header to identify a highest priority rule.
Owner:INTEL CORP

Multi-dimensional computation distribution in a packet processing device having multiple processing architecture

Flow-aware task distribution in network devices having multiple processor architectures. In one embodiment, the present invention can be used for high bandwidth network processing in an application and flow aware Quality of Service (QoS) network device. In some implementations, the present invention provides a task distribution architecture capable of flow state awareness and link level QoS control. In some implementations, the present invention can incorporate one or more processes, such as flow distributors and device distributors, that route packets for processing among different processing units on the basis of flow correspondence and/or link or network path attributes. The flow and device distributors, in one implementation, allow for the separation and parallelization of packet processing functionality into flow-specific and link-specific processing units, allowing for a highly-scalable, flow-aware task distribution in a network device that processes network application traffic.
Owner:CA TECH INC

Method and system for providing site independent real-time multimedia transport over packet-switched networks

Embodiments of the invention enable minimum latency site independent real-time video transport over packet switched networks. Some examples of real-time video transport are video conferencing and real-time or live video streaming. In one embodiment of the invention, a network node transmits live or real-time audio and video signals, encapsulated as Internet Protocol (IP) data packets, to one or more nodes on the Internet or other IP network. One embodiment of the invention enables a user to move to different nodes or move nodes to different locations thereby providing site independence. Site independence is achieved by measuring and accounting for the jitter and delay between a transmitter and receiver based on the particular path between the transmitter and receiver independent of site location. The transmitter inserts timestamps and sequence numbers into packets and then transmits them. A receiver uses these timestamps to recover the transmitter's clock. The receiver stores the packets in a buffer that orders them by sequence number. The packets stay in the buffer for a fixed latency to compensate for possible network jitter and/or packet reordering. The combination of timestamp packet-processing, remote clock recovery and synchronization, fixed-latency receiver buffering, and error correction mechanisms helps to preserve the quality of the received video, despite the significant network impairments generally encountered throughout the Internet and wireless networks.
Owner:QVIDIUM TECH

Method and arrangement for implementing IPSEC policy management using filter code

A data processing system implements a security protocol based on processing data in packets. The data processing system comprises a packet processing function for storing filter code and processing data packets according to the stored filter code, and a policy managing function for generating filter code and communicating generated filter code for packet processing. The packet processing function is arranged to examine whether the stored filter code is applicable for processing a certain packet. If the stored filter code is not applicable for the processing of a packet, the packet is communicated to the policy managing function, which generates filter code applicable for the processing of the packet and communicates the generated filter code for packet processing.
Owner:TECTIA

Integrated computer security management system and method

The present invention is generally directed to a computer security management system that integrates a firewall with an intrusion detection system (IDS). In other words, the firewall and IDS of the present invention can be designed to communicate process or status information and packets with one another. The present invention can facilitate centralized control of the firewall and the IDS and can increase the speed at which packets are passed between a secured computer network and an external network. Increased packet processing speed can be achieved in several ways. For example, the firewall and IDS can process packets in series, in parallel, and sometimes singularly when one of the components is not permitted to process a packet. Alternatively, singular processing can also be performed when one component is permitted to pass a packet to the secured computer network without checking with the other component.
Owner:SECUREWORKS

Two-stage intrusion detection system for high-speed packet processing using network processor and method thereof

A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.
Owner:ELECTRONICS & TELECOMM RES INST

Distributed packet processing architecture for network access servers

An access server architecture, and methods for use of the architecture, are disclosed. The architecture and methods are designed to increase the scalability of and balance processor load for a network access server. In this architecture, packet forwarding and packet processing are distributed amongst the cards serving the low-speed access lines, such that each line card is responsible for performing forwarding and packet processing for packets associated with the low-speed ports that line card serves. As the number of line cards expands, forwarding resources are expanded in at least rough proportion. The NAS route switch controller, and the high-speed ports, are largely relieved of packet processing tasks because the egress port uses a distribution engine that performs a cursory examination on one or more header fields on packets received—comprehending only enough information to allow each packet to be distributed to the appropriate line card for full processing.
Owner:CISCO TECH INC

Packet processing device

A packet processing device in which a receiving buffer free space notifying portion notifies a free space of a receiving buffer, an accumulation condition determining portion determines a size of a big packet based on the free space, and a reassembly buffer processor reassembles a plurality of receiving packets into a single big packet to be transmitted to the receiving buffer. A backward packet inclusive information reading circuit for detecting the free space based on information within a backward packet from the upper layer may be used as the receiving buffer free space notifying portion. Also, an application layer may be used as the upper layer so that the big packet is transmitted not through a buffer of a transport layer but directly to the receiving buffer.
Owner:FUJITSU LTD

Network interface and firewall device

A network processing device provides a novel architecture for conducting firewall and other network interface management operations. In another aspect of the invention, a Unified Policy Management (UPM) architecture uses a same memory and processing structure to integrate firewall policy management with routing and switching decisions. In another embodiment, a Reconfigurable Semantic Processor (RSP) uses a parser to identify different syntactic elements that are then used by one or more Semantic Processing Units (SPUs) to carry out different firewall, network interface, routing, switching, and other packet processing operations.
Owner:VENTURE LENDING & LEASING IV

Pipelined packet switching and queuing architecture

An architecture for a line card in a network routing device is provided. The line card architecture provides a bi-directional interface between the routing device and a network, both receiving packets from the network and transmitting the packets to the network through one or more connecting ports. In both the receive and transmit path, packet processing and routing in a multi-stage, parallel pipeline that can operate on several packets at the same time to determine each packet's routing destination is provided. Once a routing destination determination is made, the line card architecture provides for each received packet to be modified to contain new routing information and additional header data to facilitate packet transmission through the switching fabric. The line card architecture further provides for the use of bandwidth management techniques in order to buffer and enqueue each packet for transmission through the switching fabric to a corresponding destination port. The transmit path of the line card architecture further incorporates additional features for treatment and replication of multicast packets.
Owner:CISCO TECH INC

Methods, systems, and devices using reprogrammable hardware for high-speed processing of streaming data to find a redefinable pattern and respond thereto

A reprogrammable packet processing system for processing a stream of data is disclosed herein. A reprogrammable data processor is implemented with a programmable logic device (PLD), such as a field programmable gate array (FPGA), that is programmed to determine whether a stream of data applied thereto includes a string that matches a redefinable data pattern. If a matching string is found, the data processor performs a specified action in response thereto. The data processor is reprogrammable to search packets for the presence of different data patterns and/or perform different actions when a matching string is detected. A reconfiguration device receives input from a user specifying the data pattern and action, processes the input to generate the configuration information necessary to reprogram the PLD, and transmits the configuration information to the packet processor for reprogramming thereof.
Owner:WASHINGTON UNIV IN SAINT LOUIS

Method and apparatus for achieving dynamic capacity and high availability in multi-stage data networks using adaptive flow-based routing

Methods and systems for determining paths for flows within a multi-stage network made up of clusters of processing nodes. The flow paths may be determined without knowledge of whether or not packets of a particular flow will actually traverse specific ones of the clusters within the multi-stage network. In various implementations, the nodes of the multi-stage network may be coupled to one or more physical network switches through respective physical interfaces and a virtual connectivity grid superimposed thereon and configured through the use of a flow routing framework and system management framework to group the nodes into a number of clusters. The nodes of each cluster are configured to perform similar packet processing functions and the clusters are interconnected through virtual networks to which the nodes are communicatively coupled via virtual interfaces overlaid on top of the physical network interfaces.
Owner:DELL PROD LP

Packet processing for logical datapath sets

Some embodiments provide a method that processes network data through a network. The method receives a packet destined for a network host associated with a logical datapath set implemented by a set of managed edge switching elements and a set of managed non-edge switching elements in the network. The method determines whether the packet is a known packet. When the packet is a known packet, the method forwards the packet to a managed switching element in the set of managed edge switching elements for forwarding to the network host. When the packet is not a known packet, the method forwards the packet to a managed switching element in the set of managed non-edge switching elements for further processing.
Owner:NICIRA

Combined pipelined classification and address search method and apparatus for switching environments

A packet switching node having a pipelined packet processing architecture processing packets received via an input port associated with the packet switching node is presented. The method performed by the apparatus includes: determining a packet frame type of the packet received; selectively extracting packet header field values specific to a packet frame type, the extracted packet header field value including packet addressing information; ascribing to the packet a preliminary action to be performed in respect of the packet; searching packet switching information tracked by the packet switching node based on extracted packet addressing information; formulating a preliminary switch response for the packet; classifying the packet into one of a plurality of packet flows; modifying the preliminary switch response in accordance with one of the preliminary action, the packet flow into which the packet was classified, and a default port action corresponding to the input port; modifying the packet header in accordance with one of the preliminary action, the packet flow, and the default port action; and processing the packet in accordance with the switch response. Advantages are derived from: pipelined processing of packets which enables short-cutting the rest of the processing for improper packets; a flexible frame type determination which is fast for well-known frame types yet flexible in support of new frame types delaying obsolescence of a particular implementation; an early determination of a processing action which is successively refined by subsequent stages; a combined Layer-2 and Layer-3 network addressing search engine operating on short bit length indexed Layer-2 and Layer-3 network addresses reducing network address table storage requirements, requiring a reduced data transfer bandwidth for network address table access, a large external hashed primary network address table, and a small internal secondary network address table; an early determination of a switch response; and packet-classification-based switch response and packet header modification.
Owner:SYNAPTICS INC

Stateful packet content matching mechanisms

Active | US20070011734A1 | Energy efficient ICT | Multiprogramming arrangements | Computer hardware | String searching algorithm
Methods and apparatus for performing content inspection across packet boundaries using stateful packet content matching mechanisms. Pattern data structures are employed to facilitate string search algorithm machines. Incoming packets are classified to flows, and stored in corresponding flow queues. Flow table entries are used to identify the pattern data structure for a given flow. During content inspection, the algorithm machine updates state information to identify partial or full matches. When a partial match is detected towards the end of an earlier packet, state information in the flow table is updated to reflect the state such that content inspection of a following packet begins at that state. As a result, content inspection across packet boundaries is supported. The techniques may further be employed in a packet processing context pipeline stage.
Owner:TAHOE RES LTD

System and method for performing granular invalidation of cached dynamically generated objects in a data communication network

The present invention is directed towards a method and system for providing granular timed invalidation of dynamically generated objects stored in a cache. The techniques of the present invention incorporate the ability to configure the expiration time of objects stored by the cache to fine granular time intervals, such as the granularity of time intervals provided by a packet processing timer of a packet processing engine. As such, the present invention can cache objects with expiry times down to very small intervals of time. This characteristic is referred to as “invalidation granularity.” By providing this fine granularity in expiry time, the cache of the present invention can cache and serve objects that frequently change, sometimes even many times within a second. One technique is to leverage the packet processing timers used by the device of the present invention that are able to operate at time increments on the order of milliseconds to permit invalidation or expiry granularity down to 10 ms or less.
Owner:CITRIX SYST INC

Programmable system for processing a partitioned network infrastructure

The present invention relates to a general-purpose programmable packet-processing platform for accelerating network infrastructure applications which have been structured so as to separate the stages of classification and action. Network packet classification, execution of actions upon those packets, management of buffer flow, encryption services, and management of Network Interface Controllers are accelerated through the use of a multiplicity of specialized modules. A language interface is defined for specifying both stateless and stateful classification of packets and to associate actions with classification results in order to efficiently utilize these specialized modules.
Owner:INTEL CORP

Network receive interface for high bandwidth hardware-accelerated packet processing

Disclosed is a system and methods for accelerating network packet processing for devices configured to process network traffic at relatively high data rates. The system incorporates a hardware-accelerated packet processing module that handles in-sequence network packets and a software-based processing module that handles out-of-sequence and exception case network packets.
Owner:PROMISE TECHNOLOGY

Systems and methods for managing static proximity in multi-core gslb appliance

The present invention is directed towards systems and methods for providing static proximity load balancing via a multi-core intermediary device. An intermediary device providing global server load balancing identifies a size of a location database comprising static proximity information. The intermediary device stores the location database to an external storage of the intermediary device responsive to determining the size of the location database is greater than a predetermined threshold. A first packet processing engine on the device receives a domain name service request for a first location, determines that proximity information for the first location is not stored in a first memory cache, transmits a request to a second packet processing engine for proximity information of the first location, and transmits a request to the external storage for proximity information of the first location responsive to the second packet processing engine not having the proximity information.
Owner:CITRIX SYST INC

Method and apparatus for robust packet distribution among hierarchical managed switching elements

For a network that includes several managed edge switching elements and several managed non-edge switching elements that are for implementing a logical switching element, some embodiments provide a method of distributing packet processing across the several managed non-edge switching elements. The method receives a packet for processing through the logical switching element. Based on a determination that the packet needs to be processed by a managed non-edge switching element, the method determines a particular managed non-edge switching element of the several managed non-edge switching elements to forward the packet. The method forwards the packet to the particular managed non-edge switching element for the particular managed non-edge switching element to process the packet.
Owner:NICIRA

Fast handoff support for wireless networks

Systems and methods for providing fast handoff support by transferring information are provided. Additionally, a generic protocol message format is presented which allows the transfer of information used in the handoff. The generic protocol allows a gateway to request contexts or session information and send information that allows tunnel setup and mapping to other connections. The session, tunnel, and mapping information allow the gateways to switch packet processing operations without causing disruption to the packet flow. Further, in inter-gateway handoffs or inter-access network handoffs, fast and seamless handoffs are provided so the mobile station keeps the same IP address and the session continues.
Owner:CISCO TECH INC

Packet queuing, scheduling and ordering

A method and apparatus for ordering, synchronizing and scheduling work in a multi-core network services processor is provided. Each piece of work is identified by a tag that indicates how the work is to be synchronized and ordered. Throughput is increased by processing work having different tags in parallel on different processor cores. Packet processing can be broken up into different phases, each phase having a different tag dependent on ordering and synchronization constraints for the phase. A tag switch operation initiated by a core switches a tag dependent on the phase. A dedicated tag switch bus minimizes latency for the tag switch operation.
Owner:MARVELL ASIA PTE LTD

Packet processing device

A packet processing device has a search engine module including an associative memory for transferring a packet on the basis of an entry mapping to route information, a first processor taking charge of a pre-search process before a process of the packet to the search engine module, and a second processor taking charge of a post-search process for executing a process of routing the packet on the basis of a search result of the search engine module. In this architecture, the packet processing device further has a table used for transferring and receiving information between the first processor in charge of the pre-search process and the second processor in charge of the post-search process, and identifying information in a specified field of the table is transferred through the search engine module as a transparent medium.
Owner:FUJITSU LTD

Angle of arrival and/or range estimation within a wireless communication device

Angle of arrival and/or range estimation within a wireless communication device. Appropriate processing of communications received by a wireless communication device is performed to determine the angle of arrival of the communication (e.g., with respect to some coordinate basis of the wireless communication device). Also, appropriate processing of the communications may be performed in accordance with range estimation as performed by the wireless communication device to determine the distance between the transmitting and receiving wireless communication devices. There are two separate modes of packet processing operations that may be performed: (1) when contents of the received packet are known, and (2) when contents of the received packet are unknown. The wireless communication device includes a number of antennae, and a switching mechanism switches from among the various antennae capitalizing on the spatial diversity of the antennae to generate a multi-antenna signal.
Owner:AVAGO TECH INT SALES PTE LTD

Adaptive, flow-based network traffic measurement and monitoring system

Methods, apparatuses and systems directed to an adaptive network traffic monitoring and measurement system. In one implementation, the present invention provides a measurement engine that monitors data flows on the packet processing path of a network device and executes measurement policy that controls the granularity with which measurement data is recorded. In one implementation, the present invention provides a filtering and aggregation mechanism that can seamlessly adapt to changes in measurement policy configuration.
Owner:CA TECH INC

Network interface device with memory management capabilities

An input/output (I/O) device includes a host interface for connection to a host device having a memory and a network interface, which is configured to receive, over a network, data packets associated with I/O operations directed to specified virtual addresses in the memory. Packet processing hardware is configured to translate the virtual addresses into physical addresses and to perform the I/O operations using the physical addresses, and upon an occurrence of a page fault in translating one of the virtual addresses, to transmit a response packet over the network to a source of the data packets so as to cause the source to refrain from transmitting further data packets while the page fault is serviced.
Owner:MELLANOX TECHNOLOGIES LTD