-
Publication No.: US20250047589A1
Publication date: 2025-02-06
Application No.: US18362460
Filing date: 2023-07-31
Applicant: Pensando Systems Inc.
Inventor: Sarat Kamisetty, Venkata Gopi Ravi Kumar Pedaprolu, Balakrishnan Raman, Arun Selvarajan, Krishna Doddapaneni
IPC: H04L45/021, H04L49/00
Abstract: A networking device in a HA configuration processes network flows for a VNIC. Network configurations include networking policies that govern network packet processing by the networking device. Global epoch values are associated with each version of the network configuration. The networking device has a control plane, a data plane, and a flow table. The control plane uses the most recent network configuration to produce flow table entries to be stored in the flow table and the data plane uses the flow table entries to process network packets. Flow table entries include flow epoch values that match the global epoch value associated with the network configurations used to create the flow entries. A datapath epoch value, a VNIC peer epoch value, and a VNIC local epoch value are associated with each VNIC. The various epoch values are used to ensure consistent flow table entries among the peers in the HA configuration.
-
Publication No.: US20240354447A1
Publication date: 2024-10-24
Application No.: US18136157
Filing date: 2023-04-18
Applicant: Pensando Systems Inc.
Inventor: Michael Brian Galles, Francis Matus, Anton Sabev
CPC classification number: G06F21/74, G06F21/54, G06F21/556
Abstract: A system includes a hardware entity that can perform tasks in a secure mode or in an insecure mode. The system's secure resources include a secure memory and a secure logical interface (LIF). The system's insecure resources include an insecure memory and a first insecure LIF. A security mode circuit in the hardware entity can set the hardware entity to secure mode or to insecure mode. Tasks submitted via the secure LIF are performed in secure mode. Tasks submitted via the insecure LIF are performed in insecure mode. The tasks are associated with security mode status indicators that are written to the hardware entity's security mode indicator to thereby set the hardware entity into secure mode or insecure mode. The hardware entity cannot access secure resources while in insecure mode.
-
Publication No.: US12021963B2
Publication date: 2024-06-25
Application No.: US17411988
Filing date: 2021-08-25
Applicant: Pensando Systems Inc.
Inventor: Varagur Chandrasekaran, Akshaya Nadahalli, Balakrishnan Raman, Chandrasekaran Swaminathan, John Cruz, Maruthi Ram Namburu, Pirabhu Raman, Vijay Sampath, Vipin Jain
IPC: H04L7/033, G06F16/22, G06F16/27, H04L67/1095
CPC classification number: H04L7/033, G06F16/22, G06F16/27, H04L67/1095
Abstract: Synchronizing the databases maintained by network appliances can support high availability or high throughput topologies, but also consumes the devices' processing resources. To address that resource consumption, the network appliance's packet processing pipeline circuits can process synchronization packets to thereby synchronize the databases. A local data structure can be in a first local state. Processing a network packet can result in changing the local data structure to a second local state. A state sync packet can include state transition data that indicates a state difference between the first local state and the second local state. The state sync packet can be sent to a peer device that is configured to process the state transition data using the peer device's packet processing pipeline circuit. The peer device's packet processing pipeline can use the state transition data to update a peer device data structure that is in the peer device.
-
Publication No.: US12015722B2
Publication date: 2024-06-18
Application No.: US16958611
Filing date: 2018-12-20
Applicant: Pensando Systems Inc.
Inventor: Vipin Jain, Ravi Kumar Gadde, Enrico Schiattarella, Sukhesh Halemane
CPC classification number: H04L9/3268, G06F9/45558, H04L9/0894, H04L63/205, G06F2009/45595
Abstract: Methods and network interface devices for establishing a secure and authenticated network connection are provided. The method comprises: receiving, from a requesting entity, a destination IP address and a first certificate that is used to establish a secure network connection, wherein the first certificate comprises a first security attribute that is associated with a source destination IP address; identifying, with aid of one or more processors, a stored second security attribute associated with the destination IP address; and determining, with aid of the one or more processors, a policy action based at least in part on the first security attribute and the second security attribute.
-
Publication No.: US20240129080A1
Publication date: 2024-04-18
Application No.: US17965368
Filing date: 2022-10-13
Applicant: Pensando Systems Inc.
Inventor: Mario Baldi, Roger Andersson
CPC classification number: H04L5/0044, H04L9/0618
Abstract: Packets may be transformed cryptographically or compressively in order to secure network communications and to preserve network bandwidth. The transformations may be applied at more than one protocol layer which can result in unnecessary operations such as encrypting or compressing data that is already encrypted. This wastes processing resources. A solution is to selectively apply transformations. A network appliance can receive an initial layer packet for transmission to a network destination. The initial layer header of the initial layer packet can be used to determine an initial state indicator that indicates an initial state (e.g., encrypted, compressed, etc.) of an initial layer payload of the initial layer packet. The initial layer packet can be encapsulated in a subsequent layer packet as a subsequent layer payload. Selectively applying a transform to the subsequent layer payload based on the initial state indicator can avoid the unnecessary operation.
-
Publication No.: US20240097999A1
Publication date: 2024-03-21
Application No.: US17949998
Filing date: 2022-09-21
Applicant: Pensando Systems Inc.
Inventor: Yan Sun, Shrey Ajmera
IPC: H04L43/062, G06N20/20, H04L41/16, H04L43/0823
CPC classification number: H04L43/062, G06N20/20, H04L41/16, H04L43/0823
Abstract: Edge nodes, such as SmartNICs, routers, and switches can process the network traffic of workloads running on servers. The edge node can produce measurement streams that include measurement values produced by measuring one or more network performance metrics. The measurement streams can be sent to anomaly detectors that are running on the edge nodes. The anomaly detectors can detect anomalies in the measurement streams and can report the anomalies to a person or a process designated to or subscribed for receiving the anomaly reports. An anomaly in the measurement stream can indicate anomalous network traffic and an anomaly detector can use an unsupervised machine learning model to detect the anomalies. The machine learning model may have been trained by an unsupervised machine learning algorithm that adapts the machine learning model for detecting anomalies in the measurement stream.
-
Publication No.: US11709776B2
Publication date: 2023-07-25
Application No.: US17216447
Filing date: 2021-03-29
Applicant: Pensando Systems Inc.
Inventor: Changqi Yang
IPC: G06F12/08, G06F12/02, G06F12/0864, G06F12/0811, G06F12/084
CPC classification number: G06F12/0864, G06F12/0238, G06F12/084, G06F12/0811, G06F2212/1021
Abstract: N-way associative cache pools can be implemented in an N-way associative cache. Different cache pools can be indicated by pool values. Different processes running on a computer can use different cache pools. An N-way associative cache circuit can be configured to have one or more stripe mode cache pools that are N-way associative. A cache control circuit can receive a physical address for a memory location and can interpret the physical address as fields including a tag field that contains a tag value and a set field that contains a set value. The physical address can also be used to determine a pool value that identifies one of the stripe mode cache pools. A set of N cache entries in the one of the stripe mode cache pools can be concurrently searched for the tag value. The set of N cache entries is determined using the set value.
-
Publication No.: US20230221940A1
Publication date: 2023-07-13
Application No.: US17573512
Filing date: 2022-01-11
Applicant: Pensando Systems Inc.
Inventor: Chinmoy Dey, Hareesh Ramachandran, Kalyan Bade
IPC: G06F8/65
CPC classification number: G06F8/65
Abstract: Upgrading a network appliance to a second firmware is dynamically specified and implemented to minimize network disruption. The installed firmware runs in a first execution domain and the second firmware runs in safe mode in a second execution domain. Upgrade planning data is produced by monitoring service executables in the second execution domain for stage failures at various execution states. The upgrade planning data is used to produce an upgrade specification for upgrading from the installed firmware to the second firmware. The upgrade planning data can indicate that there are execution state dependencies between the service executables. The upgrade specification can be adapted for the execution state dependencies and used by a finite state machine to implement the upgrade.
-
Publication No.: US11641407B2
Publication date: 2023-05-02
Application No.: US17179306
Filing date: 2021-02-18
Applicant: Pensando Systems Inc.
Inventor: Dhruval Shah
IPC: G06F15/173, H04L67/00, H04L67/06, H04L69/08
Abstract: Methods and systems for implementing communications between a Management Controller (MC) and a Network Controller (NC) are disclosed. Embodiments of the present technology may include a method for implementing communications between an MC and an NC that involves establishing Internet Protocol (IP) connectivity between the MC and the NC using Network Controller Sideband Interface (NC-SI) control packets and communicating between the MC and the NC via an NC-SI and the established IP connectivity.
-
Publication No.: US20230064845A1
Publication date: 2023-03-02
Application No.: US17463256
Filing date: 2021-08-31
Applicant: Pensando Systems Inc.
Inventor: Vijay Srinivasan, Sarat Kamisetty, Krishna Doddapaneni, John Cruz, Loganathan Nallusamy
IPC: H04L12/26, H04L12/24, H04L12/935
Abstract: An orchestrator can send trace directives to network appliances that indicate a network flow to trace. The network appliances can include packet processing pipelines that each include numerous processing stages. The network appliances implement network rules for processing network flows by configuring the pipeline's processing stages to execute specific policies for specific network packets in accordance with the network rules. The processing stages can also be configured to produce metadata indicating the policies implemented at each stage to process certain network packets in network flows indicated by trace directives. The metadata can be used to produce a trace report that indicates a network packet of the network flow, a first network rule that was applied to the network packet by a one of the first appliance processing stages, and the one of the first appliance processing stages that applied the first network rule to the network packet.
-