公开(公告)号：US20230188561A1

公开(公告)日：2023-06-15

申请号：US17550867

申请日：2021-12-14

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Dotan Finkelshtien ,  Alexander Bilkovskii ,  Roni Bar Yanai ,  Juan Jose Vegas Olmos

IPC: H04L9/40 ,  G06N20/00

CPC classification number: H04L63/1466 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/166 ,  H04L63/20 ,  G06N20/00

Abstract: A device receives a packet from a local network. The packet may be directed toward a cloud computing resource. The device determines that the packet is associated with a new packet flow. In response to determining that the packet is associated with the new packet flow, the device provides one or more packets from the new packet flow to a machine learning model for packet inspection. The device receives an output from the machine learning model and routes the new packet flow based on the output received from the machine learning model. The output indicates whether or not the new packet flow is associated with a network attack.

公开(公告)号：US11968126B2

公开(公告)日：2024-04-23

申请号：US17955583

申请日：2022-09-29

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

CPC classification number: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline, for use in a network device, is received from a user. The specification is defined in terms of one or more of the packet-processing functions draws from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US20230262005A1

公开(公告)日：2023-08-17

申请号：US17671625

申请日：2022-02-15

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Roni Bar Yanai ,  Eli Britstein

IPC: H04L47/2483 ,  H04L47/21 ,  H04L47/78 ,  H04L47/283 ,  H04L47/62

CPC classification number: H04L47/2483 ,  H04L47/21 ,  H04L47/78 ,  H04L47/283 ,  H04L47/6235

Abstract: In one embodiment, a device includes an interface to send and receive packets of network flows, and processing circuitry to track a connection status of each of the network flows, selectively assign some network flows of the network flows having a non-terminated connection status to a flow aging process based on a statistical model of connection termination, operate the flow aging process to identify idle network flows of the some network flows, and release resources associated with the idle network flows.

公开(公告)号：US12218849B2

公开(公告)日：2025-02-04

申请号：US18589466

申请日：2024-02-28

Applicant: Mellanox Technologies, Ltd.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline is received from a user. The specification is defined in terms of one or more of the packet-processing functions drawn from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US20240291766A1

公开(公告)日：2024-08-29

申请号：US18113100

申请日：2023-02-23

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Gal Shalom ,  Omri Kahalon ,  Aviad Yehezkel ,  Yossi Kuperman ,  Roni Bar Yanai

IPC: H04L47/31 ,  H04L47/62 ,  H04L49/00

CPC classification number: H04L47/31 ,  H04L47/215 ,  H04L47/622 ,  H04L47/629 ,  H04L49/3009

Abstract: In one embodiment, a network device, including a network interface to receive packets over a packet data network, and a hierarchical policer to provide queue fairness for a plurality of network flows competing for access to a multiplex network receive queue, and including level one meters to label the received packets, a level two meter to receive at least some of the labeled packets and relabel the at least some labeled packets, and queueing logic add the packets labeled with a first label-type to the multiplex network receive queue and drop the packets labeled with a third label-type.

公开(公告)号：US20230269037A1

公开(公告)日：2023-08-24

申请号：US17678074

申请日：2022-02-23

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Gil Levy ,  Roni Bar Yanai ,  Avi Urman

IPC: H04L1/20 ,  G06F16/28 ,  G06F16/22

CPC classification number: H04L1/201 ,  G06F16/285 ,  G06F16/2255

Abstract: A classification apparatus includes a memory and a processor. The memory is configured to store rules corresponding to a corpus of rules in respective rule entries, each rule includes a respective set of unmasked bits having corresponding bit values, and at least some of the rules include masked bits. The rules in the corpus conform to respective Rule Patterns (RPs), each RP defining a respective sequence of masked and unmasked bits. The processor is configured to cluster the RPs, using a clustering criterion, into extended Rule Patterns (eRPs) associated with respective hash tables including buckets for storing rule entries. The clustering criterion aims to minimize an overall number of the eRPs while meeting a collision condition that depends on a specified maximal number of rule entries per bucket.

公开(公告)号：US20240250911A1

公开(公告)日：2024-07-25

申请号：US18589466

申请日：2024-02-28

Applicant: Mellanox Technologies, Ltd.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

CPC classification number: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline is received from a user. The specification is defined in terms of one or more of the packet-processing functions drawn from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US20230139481A1

公开(公告)日：2023-05-04

申请号：US17955583

申请日：2022-09-29

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Roni Bar Yanai ,  Jiawei Wang ,  Yossef Efraim ,  Chen Rozenbaum

IPC: H04L47/2483 ,  H04L45/748

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline, for use in a network device, is received from a user. The specification is defined in terms of one or more of the packet-processing functions draws from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

公开(公告)号：US11929837B2

公开(公告)日：2024-03-12

申请号：US17678074

申请日：2022-02-23

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Gil Levy ,  Roni Bar Yanai ,  Avi Urman

IPC: G06F16/22 ,  G06F16/28 ,  H04L1/20

CPC classification number: H04L1/201 ,  G06F16/2255 ,  G06F16/285

Abstract: A classification apparatus includes a memory and a processor. The memory is configured to store rules corresponding to a corpus of rules in respective rule entries, each rule includes a respective set of unmasked bits having corresponding bit values, and at least some of the rules include masked bits. The rules in the corpus conform to respective Rule Patterns (RPs), each RP defining a respective sequence of masked and unmasked bits. The processor is configured to cluster the RPs, using a clustering criterion, into extended Rule Patterns (eRPs) associated with respective hash tables including buckets for storing rule entries. The clustering criterion aims to minimize an overall number of the eRPs while meeting a collision condition that depends on a specified maximal number of rule entries per bucket.

公开(公告)号：US11765093B2

公开(公告)日：2023-09-19

申请号：US17671625

申请日：2022-02-15

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Roni Bar Yanai ,  Eli Britstein

IPC: H04L47/21 ,  H04L47/2483 ,  H04L47/62 ,  H04L47/283 ,  H04L47/78

CPC classification number: H04L47/2483 ,  H04L47/21 ,  H04L47/283 ,  H04L47/6235 ,  H04L47/78

Abstract: In one embodiment, a device includes an interface to send and receive packets of network flows, and processing circuitry to track a connection status of each of the network flows, selectively assign some network flows of the network flows having a non-terminated connection status to a flow aging process based on a statistical model of connection termination, operate the flow aging process to identify idle network flows of the some network flows, and release resources associated with the idle network flows.