-
公开(公告)号:US07779126B1
公开(公告)日:2010-08-17
申请号:US11395329
申请日:2006-03-31
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: G06F15/173 , H04N7/12
CPC分类号: H04L63/0263 , H04L63/1408 , H04L67/34
摘要: A method and system for propagating filters to an upstream device. The method includes generating a filter at a first network device and sending information on the filter to a second network device located upstream from the first network device. The first network device then requests the second network device to install the filter.
摘要翻译: 一种用于将过滤器传播到上游设备的方法和系统。 该方法包括在第一网络设备处生成过滤器,并将过滤器上的信息发送到位于第一网络设备上游的第二网络设备。 然后,第一网络设备请求第二网络设备安装过滤器。
-
公开(公告)号:US20060155875A1
公开(公告)日:2006-07-13
申请号:US11297551
申请日:2005-12-08
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: G06F15/16
CPC分类号: G06F17/30982 , G06F17/30876 , H04L69/22
摘要: A system and method for efficiently searching long strings of data, such as network messages, is described. The system preferably includes an associative memory structure, having a plurality of content addressable memories (CAMs). The CAMs are hierarchically arranged such the output of at least one CAM is used as the input to a second CAM. Preferably, a top-level CAM receives only a selected portion of the data string or network message as its input. The output of the top-level CAM is then joined with some or all of the remaining portions of the data string to form a new output that is provided to the CAM at the next lower level. The top-level CAM is programmed such that its output is substantially smaller (e.g., has fewer bits) than the selected data string portion that is input to the top-level CAM. The system can thus search data strings that are on the whole far longer than the widths of the respective CAMs forming the memory structure.
-
3.发明授权公开(公告)号:US07843926B1
公开(公告)日:2010-11-30
申请号:US11098708
申请日:2005-04-05
申请人: Shimon Muller , Ariel Hendel , Yatin Gajjar , Michael Wong , Andreas Bechtolsheim , David Cheriton , Mohammad Issa , Aly Orady , Raju Penumatcha
发明人: Shimon Muller , Ariel Hendel , Yatin Gajjar , Michael Wong , Andreas Bechtolsheim , David Cheriton , Mohammad Issa , Aly Orady , Raju Penumatcha
IPC分类号: H04L12/28
CPC分类号: G06F13/102 , G06F13/387
摘要: A network system which includes a plurality of separate processing entities, an input output bus, and a network interface unit shared among the plurality of separate processing entities is disclosed. The network interface unit is coupled to the plurality of separate processing entities via the input output bus. The network interface unit has a plurality of memory access channels and each memory access channel is assigned to one processing entity.
摘要翻译: 公开了一种网络系统,其包括多个单独的处理实体,输入输出总线和在所述多个单独处理实体之间共享的网络接口单元。 网络接口单元经由输入输出总线耦合到多个单独的处理实体。 网络接口单元具有多个存储器访问通道,并且每个存储器访问通道被分配给一个处理实体。
-
公开(公告)号:US07054930B1
公开(公告)日:2006-05-30
申请号:US09698968
申请日:2000-10-26
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: G06F15/173 , H04L9/32
CPC分类号: H04L63/0263 , H04L63/1408 , H04L67/34
摘要: A method and system for propagating filters to an upstream device. The method includes generating a filter at a first network device and sending information on the filter to a second network device located upstream from the first network device. The first network device then requests the second network device to install the filter.
摘要翻译: 一种用于将过滤器传播到上游设备的方法和系统。 该方法包括在第一网络设备处生成过滤器,并将过滤器上的信息发送到位于第一网络设备上游的第二网络设备。 然后,第一网络设备请求第二网络设备安装过滤器。
-
公开(公告)号:US20050129019A1
公开(公告)日:2005-06-16
申请号:US10716656
申请日:2003-11-19
申请人: David Cheriton
发明人: David Cheriton
CPC分类号: H04L63/0272 , H04L63/08 , H04L63/101 , H04L63/105 , H04L63/1458
摘要: A method for providing security groups based on the use of tunneling is disclosed. The method includes assigning a security group identifier (SGI) to a packet and classifying the packet based on the packet's SGI.
摘要翻译: 公开了一种基于使用隧道技术提供安全组的方法。 该方法包括:将一个安全组标识符(SGI)分配给分组,并根据分组的SGI对分组进行分类。
-
6.发明申请Method, apparatus & computer program product for borrowed-virtual-time scheduling 有权借用虚拟时间调度的方法,设备和计算机程序产品公开(公告)号:US20070150898A1
公开(公告)日:2007-06-28
申请号:US11471023
申请日:2006-06-20
申请人: Kenneth Duda , David Cheriton
发明人: Kenneth Duda , David Cheriton
IPC分类号: G06F9/46
CPC分类号: G06F9/4887
摘要: The present invention includes a scheduling mechanism that fairly allocates a resource to a number of schedulable elements of which some are latency-sensitive. The invention tracks each element's use of the resource by determining the element's virtual time. An active element is selected from the elements that are ready to use the resource by determining the element that has the smallest effective virtual time. The effective virtual time is the element's actual virtual time modified by a borrowed virtual time value. When an element has a short-term need for the resource, it can borrow the privilege to run by borrowing virtual time. As the element uses the resource, it consumes virtual time according to its weight. When the elements are scheduled for the resource, the ready element having the smallest virtual time is selected. The invention enforces long-term fairness to each element while allowing latency-sensitive elements to be preferably selected. One preferred embodiment is a thread-of-execution scheduler for a computer system. This embodiment allocates the CPU time (the resource) between multiple threads (the elements). Latency-sensitive threads (for example, video display programs) can borrow virtual time so that they are more likely to be scheduled when a condition is satisfied (for example, expiration of a timer that triggers the display of the next video frame). Another preferred embodiment is a queue scheduler for an output-queued data switch. Here multiple queues feed an output port. The multiple queues have different service requirements. The invention provides long-term fairness while still satisfying queues that contain latency-sensitive data.
摘要翻译: 本发明包括一种调度机制,其将资源公正地分配给多个可调度元素,其中一些是可延迟敏感的。 本发明通过确定元素的虚拟时间跟踪每个元素对资源的使用。 通过确定具有最小有效虚拟时间的元素,从准备好使用资源的元素中选择活动元素。 有效虚拟时间是由借用的虚拟时间值修改的元素的实际虚拟时间。 当一个元素对资源有短期需求时,它可以借用虚拟时间借用的特权。 当元素使用资源时,它会根据其重量消耗虚拟时间。 当为资源调度元素时,选择具有最小虚拟时间的就绪元素。 本发明对每个元件实施长期公平性,同时优选地选择延迟敏感元件。 一个优选实施例是用于计算机系统的线程执行调度器。 该实施例分配多个线程(元素)之间的CPU时间(资源)。 延迟敏感线程(例如,视频显示程序)可以借用虚拟时间,使得当满足条件(例如,触发下一个视频帧的显示的定时器的到期)时,它们更可能被调度。 另一优选实施例是用于输出排队的数据交换机的队列调度器。 这里有多个队列提供输出端口。 多个队列具有不同的服务要求。 本发明提供长期的公平性,同时仍然满足包含延迟敏感数据的队列。
-
公开(公告)号:US07120931B1
公开(公告)日:2006-10-10
申请号:US09652454
申请日:2000-08-31
申请人: David Cheriton
发明人: David Cheriton
CPC分类号: H04L63/0227
摘要: A method and system for generating filters based on analyzed flow data are disclosed. A method generally comprises separating the data into different network flows, analyzing at least one of the network flows, and detecting potentially harmful network flows. A filter is generated to prevent packets corresponding to the detected potentially harmful network flows from passing through the network device.
摘要翻译: 公开了一种基于分析流量数据生成滤波器的方法和系统。 一种方法通常包括将数据分离成不同的网络流,分析网络流中的至少一个,并且检测潜在有害的网络流。 生成过滤器以防止与检测到的潜在有害网络流对应的分组通过网络设备。
-
8.发明申请公开(公告)号:US20060104286A1
公开(公告)日:2006-05-18
申请号:US11322135
申请日:2005-12-28
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: H04L12/56
CPC分类号: G06F17/30955 , G06F17/30949 , H04L45/00 , H04L45/7453 , Y10S707/99933
摘要: Methods and apparatus are disclosed herein for classifying packets using ternary and binary content-addressable memory stages to classify packets. One such system uses a stage of one or more TCAMS followed by a second stage one or more CAMS (or alternatively some other binary associative memories such as hash tables or TRIEs) to classify a packet. One exemplary system includes TCAMs for handling input and output classification and a forwarding CAM to classify packets for Internet Protocol (IP) forwarding decisions on a flow label. This input and output classification may include, but is not limited to routing, access control lists (ACLs), quality of service (QoS), network address translation (NAT), encryption, etc. These IP forwarding decisions may include, but are not limited to IP source and destination addresses, protocol type, flags and layer 4 source and destination ports, a virtual local area network (VLAN) id and/or other fields.
-
公开(公告)号:US20050201284A1
公开(公告)日:2005-09-15
申请号:US11118205
申请日:2005-04-29
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: G01R31/08
CPC分类号: H04L47/20 , H04L47/12 , H04L47/193 , H04L47/21 , H04L47/2408 , H04L47/29 , H04L69/163
摘要: An extension to the conventional single rate microflow policer that provides dual rate policing with a minimum of extra resource utilization. Using the extended microflow policer, an aggressive TCP flow ramps up to exceed the policer rate, setting a burst drop flag. Once the flow rate exceeds the burst rate, a single packet is dropped and the burst drop flag is cleared. On seeing the single packet drop, the TCP sender is then expected to reduce its rate. Flows that do not back off will eventually exceed a higher, hard drop threshold and experience packet drop. An aggressive TCP rate thus oscillate around the burst rate, efficiently approaching the hard drop rate without exceeding it. The addition of only a single bit flag avoids the cost of a dual-rate policer and the tail drop behavior induced by a single rate policer.
摘要翻译: 扩展到传统的单速率微流量监管器,其提供了双重速率监管,并具有最少的额外资源利用率。 使用扩展的微流策略器,攻击性TCP流量上升到超过监控器速率,设置突发丢弃标志。 一旦流量超过突发速率,就会丢弃一个数据包,并清除脉冲串丢弃标志。 在看到单个数据包丢弃时,TCP发送者预计会降低其速率。 不退回的流最终将超过更高的硬丢弃阈值,并且经历数据包丢失。 激进的TCP速率因此在突发速率周围振荡,有效地接近硬丢失率而不超过它。 仅添加单个位标志可以避免双速率策略器的成本和单个速率策略器引起的尾部丢失行为。
-
公开(公告)号:US20050018668A1
公开(公告)日:2005-01-27
申请号:US10626792
申请日:2003-07-24
申请人: David Cheriton
发明人: David Cheriton
IPC分类号: H04L12/56
CPC分类号: H04L47/10
摘要: A method and apparatus for determining if a packet is a duplicate packet are disclosed. The method includes determining if a field of a duplicate packet map (DPM) indicates the packet is the duplicate packet. The determination is made using a packet summary value (PSV) corresponding to the packet. The apparatus (a network device, for example) includes a duplicate packet map (DPM), which can be used to make the foregoing determination.
摘要翻译: 公开了一种用于确定分组是否是重复分组的方法和装置。 该方法包括确定重复分组映射(DPM)的字段是否指示分组是重复分组。 使用与分组对应的分组摘要值(PSV)进行确定。 该装置(例如,网络装置)包括可用于进行上述确定的重复分组映射(DPM)。
-
-
-
-
-
-
-
-
-
搜索结果
12 条记录 (耗时 0.016 秒)
