US20090307363A1 - Network protocol reassembly accelaration - Google Patents
Network protocol reassembly accelaration Download PDFInfo
- Publication number
- US20090307363A1 US20090307363A1 US12/255,916 US25591608A US2009307363A1 US 20090307363 A1 US20090307363 A1 US 20090307363A1 US 25591608 A US25591608 A US 25591608A US 2009307363 A1 US2009307363 A1 US 2009307363A1
- Authority
- US
- United States
- Prior art keywords
- tcp
- incoming
- packet
- memory
- network interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/166—IP fragmentation; TCP segmentation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/02—Addressing or allocation; Relocation
- G06F12/08—Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
- G06F12/10—Address translation
- G06F12/1081—Address translation for peripheral access to main memory, e.g. direct memory access [DMA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/50—Queue scheduling
- H04L47/62—Queue scheduling characterised by scheduling criteria
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/50—Queue scheduling
- H04L47/62—Queue scheduling characterised by scheduling criteria
- H04L47/621—Individual queue per connection or flow, e.g. per VC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/30—Peripheral units, e.g. input or output ports
- H04L49/3045—Virtual queuing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/16—Handling requests for interconnection or transfer for access to memory bus
- G06F13/1668—Details of memory controller
- G06F13/1689—Synchronisation and timing concerns
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/65—Details of virtual memory and virtual address translation
- G06F2212/651—Multi-level translation tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/65—Details of virtual memory and virtual address translation
- G06F2212/657—Virtual address space management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
Methods and systems are provided for network protocol reassembly acceleration. According to one embodiment, an incoming packet is received at a network interface. Payload data from the packet is written by a memory interface to a physical page within a system memory on behalf of the network interface based on a sequence number associated with the incoming packet and by obtaining a physical address from a virtual memory map corresponding to an incoming session with which the packet is associated. After the physical page is full, the physical page is made accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the user process.
Description
- This application claims the benefit of U.S. Provisional Application No. 61/060,114 filed on Jun. 9, 2008, which is hereby incorporated by reference in its entirety for all purposes.
- Contained herein is material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure by any person as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights to the copyright whatsoever. Copyright© 2008, Fortinet, Inc.
- 1. Field
- Embodiments of the present invention generally relate to network traffic acceleration. In particular, embodiments of the present invention relate to inbound network protocol reassembly acceleration (e.g., Transmission Control Protocol (TCP) reassembly acceleration).
- 2. Description of the Related Art
-
FIG. 1 conceptually illustrates TCP reassembly processing as it is typically performed. As a result of TCP segmentation processing, which is applied to segment or fragment TCP payload data across multiple outbound TCP packets, and because TCP/IP allows out of order packet delivery to receivers, receivers must be prepared to accept pieces, e.g., incomingpackets 160, and put them back together. This is referred to as “TCP reassembly.” The TCP reassembly process is performed by the TCP protocol in the host computer. When TCP segmentation or TCP reassembly are performed on behalf of the host computer by separate hardware or a separate processor, such as one associated with a network interface controller (NIC), the process is said to have been “offloaded.” - Conventional operating systems usually segregate virtual memory into
kernel space 140 and user space 150. User mode applications, such as user process 120 (e.g., an antivirus scanning process), are forbidden from writing to or otherwise accessingkernel space 140. User space 150 is the memory area in which user mode applications are permitted to operate. - Typically, TCP payload, such as
payload data 147 is intended for delivery or processing by a user process, such as user process 120. Before making thepayload data 147 available to the user process 120; however, akernel process 110 may processheader data 145 associated with thepayload data 147 to validate theheader data 145. The user process 120 may supply a virtually contiguous buffer to thekernel process 110 into which thekernel process 110 copies thepayload data 147. - TCP reassembly offloading is used to increase system throughput and decrease central processing unit (CPU) usage; however, in traditional implementations, in order to allow it to be physically addressed by a TCP offload engine (TOE) (not shown), the
payload data 147, which is initially stored inkernel space 140, needs to be copied to contiguous user space 150 by the CPU (not shown) to create apayload data copy 157. This movement of payload data fromkernel space 140 to user space 150 withinsystem memory 130 is CPU intensive and reduces incoming TCP traffic throughput. - Thus, there is a need in the art for improved inbound network traffic processing.
- Methods and systems are described for network protocol reassembly acceleration. According to one embodiment, a method is provided for reassembly processing without kernel-user space copying of payload data. An incoming packet is received at a network interface. Payload data from the packet is written by a memory interface to a physical page within a system memory on behalf of the network interface based on a sequence number associated with the incoming packet and by obtaining a physical address from a virtual memory map corresponding to an incoming session with which the packet is associated. After the physical page is full, the physical page is made accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the user process.
- In the aforementioned embodiment, the incoming packet may be a TCP packet and the incoming session may be an incoming TCP session.
- In various instances of the aforementioned embodiments, one or more physical pages of the system memory are allocated by a network interface driver being executed by the processor for each of multiple incoming TCP sessions.
- In the context of various embodiments, virtual memory maps corresponding to the incoming TCP sessions may be built by the network interface driver.
- In some cases, the network interface driver may also build a session table including information regarding a page directory base address for each of the incoming TCP sessions and information regarding an offset to adjust a start address of the payload data with respect to a boundary of the physical page.
- In various instances of the aforementioned embodiments, the method may further involve (i) calculating an adjusted sequence number based on the sequence number and the offset; and (ii) the adjusted sequence number being used as a virtual address input to the virtual memory map.
- In the context of various embodiments, the method may further involve, prior to the memory interface writing payload data from the TCP packet to the physical page, determining whether the physical page has been allocated.
- Other embodiments of the present invention provide a network device having a processor, a system memory, a network interface, an interconnect bus and a bus/memory interface. The processor is configured to execute one or more user processes and a network interface driver. The system memory is coupled to the processor and has stored therein (i) a paging table used by the processor to translate virtual memory addresses into corresponding physical memory addresses and (ii) multiple virtual memory maps containing information for use in connection with translating a virtual addresses input based on a sequence number of an incoming Transmission Control Protocol (TCP) packet to a physical address. The network interface is operable to receive incoming TCP packets. The interconnect bus is coupled to the processor and the system memory. The bus/memory interface is coupled to the network interface and the interconnect bus and is adapted to write payload data from the incoming TCP packet to a physical page within the system memory on behalf of the network interface based on the sequence number and a virtual memory map corresponding to an incoming TCP session with which the TCP packet is associated. The network interface driver makes the physical page accessible to a user process by remapping the physical page through the paging table.
- In the aforementioned embodiment, the network interface driver may further be operable to allocate one or more physical pages of the system memory for each of the incoming TCP sessions.
- In the context of various of the aforementioned embodiments, the network interface driver may further be operable to create and maintain the virtual memory maps.
- In some instances, the network interface driver may build a session table within the system memory including information regarding a page directory base address for each of the incoming TCP sessions and information regarding an offset to adjust a start address of the payload data with respect to a boundary of the physical page.
- In various of the aforementioned embodiments, the virtual address may be determined by calculating an adjusted sequence number based on the sequence number and the offset.
- In various instances of the aforementioned embodiments, the network device may be a network security platform.
- In the context of various of the aforementioned embodiments, the user process may perform one or more security functions in relation to the payload data.
- In the aforementioned embodiment, the one or more security functions may include antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and/or virtual private network (VPN) services.
- Other embodiments of the present invention provide a program storage device readable by one or more processors of a network device, tangibly embodying a program of instructions executable by the one or more processors to perform method steps for performing Transmission Control Protocol (TCP) reassembly. In accordance with the method, an incoming TCP packet is initially received at a network interface of the network device. Payload data from the TCP packet is then written to a physical page within a system memory based on a sequence number associated with the incoming TCP packet and by obtaining a physical address from a virtual memory map corresponding to an incoming TCP session with which the TCP packet is associated. After the physical page is full, the physical page is made accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the processor.
- In the aforementioned embodiment, the user process may perform one or more security functions in relation to the payload data.
- In context of various of the aforementioned embodiments, the one or more security functions may include, but are not limited to, antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and/or virtual private network (VPN) services.
- Other features of embodiments of the present invention will be apparent from the accompanying drawings and from the detailed description that follows.
- Embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:
-
FIG. 1 conceptually illustrates TCP reassembly processing as it is traditionally performed. -
FIG. 2 conceptually illustrates accelerated TCP reassembly processing in accordance with various embodiments of the present invention. -
FIG. 3 is an example of a system in which embodiments of the present invention may be utilized. -
FIGS. 4A and 4B depict exemplary virtual memory mapping mechanisms that may be used in relation to various embodiments of the present invention. -
FIG. 5 is a flow diagram illustrating incoming TCP traffic processing in accordance with an embodiment of the present invention. - Methods and systems are described for network protocol reassembly acceleration. According to one embodiment, hardware is provided for performing TCP payload spitting and stitching with assistance from a CPU, such as the host processor of a network device. A network driver executing on the CPU may allocate multiple memory pages for each incoming TCP session and build mapping tables for use by hardware. The mapping tables (e.g., one for each incoming TCP session) may be indexed based upon the TCP sequence number to obtain a buffer address in physical memory to which incoming TCP packet payloads are to be written. Associated packet headers (including MAC, IP and TCP headers) can be written to system memory in accordance with various traditional approaches for processing by the network driver. Upon receiving a full page of data, the network driver can then remap the page to make it accessible to an appropriate user process using the CPU paging table. In this manner, TCP reassembly acceleration processing as described in accordance with various embodiments of the present invention does not require copying of payload data from kernel space to user space.
- For purposes of simplicity, various embodiments of the present invention are described in the context of TCP reassembly acceleration. It is to be noted, however, that the reassembly acceleration processing described herein, for example, may be implemented generically enough so as to be used for offloading reassembly of other network protocols, including transport layer protocols that are fragmented natively or otherwise. Thus, embodiments of the present invention provide techniques that may generally increase inbound throughput of high-bandwidth network connections by reducing CPU overhead.
- In the following description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present invention. It will be apparent, however, to one skilled in the art that embodiments of the present invention may be practiced without some of these specific details. In other instances, well-known structures and devices are shown in block diagram form.
- Embodiments of the present invention include various steps, which will be described below. The steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps. Alternatively, the steps may be performed by a combination of hardware, software, firmware and/or by human operators.
- Embodiments of the present invention may be provided as a computer program product, which may include a machine-readable medium having stored thereon instructions, which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), and magneto-optical disks, ROMs, random access memories (RAMs), erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, flash memory, or other type of media/machine-readable medium suitable for storing electronic instructions. Moreover, embodiments of the present invention may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).
- Brief definitions of terms used throughout this application are given below.
- The terms “connected” or “coupled” and related terms are used in an operational sense and are not necessarily limited to a direct connection or coupling.
- The phrases “in one embodiment,” “according to one embodiment,” and the like generally mean the particular feature, structure, or characteristic following the phrase is included in at least one embodiment of the present invention, and may be included in more than one embodiment of the present invention. Importantly, such phases do not necessarily refer to the same embodiment.
- If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
- The term “responsive” includes completely or partially responsive.
-
FIG. 2 conceptually illustrates TCP reassembly acceleration processing in accordance with various embodiments of the present invention. It is to be understood that the present example is being described at an abstract level in connection with a logical view of various functional units, including, hardware and software components. Thus,FIG. 2 does not necessarily represent an actual physical view of the hardware and/or software components depicted or their interconnections. - In contrast to the TCP reassembly processing illustrated by
FIG. 1 , in the present example, TCP payload data need not be copied from kernel memory space to user memory space. - According to the present example,
system memory 230 is shown containing mapping tables 240 and multiple TCP session buffers 250 a, 250 b and 250 n. Anetwork driver 210 and a user process 220 have access tosystem memory 230. In some embodiments of the present invention, one function ofnetwork driver 210 is to allocate one or more physical memory pages insystem memory 230 for each TCP session (e.g., TCP session buffers 250 a, 250 b and 250 n). Incoming TCP stream, e.g.,incoming packets 275, is reassembled within the corresponding TCP session buffers 250 a, 250 b and 250 n by a TCP payload split andstitching unit 270. Depending upon the particular implementation, user process 220 may perform one or more security functions, including but not limited to antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and virtual private network (VPN) services. - In the current example and as described in more detail below, TCP payload split and
stitching unit 270 accelerates inbound TCP traffic processing by splitting the TCP header and payload and reassembling the payload into virtually continuous system memory 230 (e.g., host memory). Thus, for example, the received TCP stream can be reassembled insystem memory 230 to form the originally transmitted TCP payload by causing a bus/memory interface 260 to store TCP payload data into the correct portion of the corresponding TCP session buffer based on the TCP sequence number associated with the incoming packet thereby avoiding kernel-user space data copying. - According to one embodiment, mapping tables 240 include virtual memory mapping translation data structures, which will be described further below, that allow interface hardware, e.g., bus/memory interface 260, coupled to the
system memory 230 to write TCP payload data directly to physically addressed buffers based on an adjusted TCP sequence number and a page offset. - According to one embodiment, the mapping tables 240 are used only by the interface hardware and a corresponding page table translation data structure is used by the host processor. In other embodiments, the mapping tables 240 and the page table translation data structure are one in the same. In some embodiments, the mapping tables 240 and/or the page table translation data structure mimic the 32-bit Intel Architecture (IA32) page table. In such an embodiment and in the context of an IA32 system, the
network driver 210 can re-use the system's native page table structure. In the context of other systems, thenetwork driver 210 may construct the desired page table structure and/or mapping tables 240 from the native page table. As described further below, in some embodiments, the mapping tables 240 do not need to be fully filled thus allowing TCP sessions that are not to be offloaded and other sessions to bypass the reassembly acceleration processing described herein. - Session context data (not shown), which may be initialized upon session creation, may include both (i) information specifying an address of the base of a page directory (e.g., a page directory base register (PDBR) value) in the mapping tables 240 used to translate a virtual address represented by the adjusted TCP sequence number, for example, to a physical address and (ii) a page offset to adjust the packet start address with respect to a page boundary. As described further below, for TCP sessions that are not to be offloaded and other sessions,
network driver 210 may create a session context having a predetermined PDBR value, such as all zeroes. - In one embodiment, the functionality of one or more of the above-referenced functional units may be merged in various combinations. For example, the TCP payload split and
stitching unit 270 and the bus/memory interface 260 may be combined. Moreover, the various functional units can be communicatively coupled using any suitable communication method (e.g., message passing, parameter passing, and/or signals through one or more communication paths, etc.). Additionally, the functional units can be physically connected according to any suitable interconnection architecture (e.g., fully connected, hypercube, etc.). - According to embodiments of the invention, the functional units can be any suitable type of logic (e.g., digital logic, software code and the like) for executing the operations described herein. For example, all or a portion of the TCP payload split and stitching functionality may be performed by software or firmware executed by a network processor. Any of the functional units used in conjunction with embodiments of the invention can include machine-readable media including instructions for performing operations described herein. Machine-readable media include any mechanism that provides (i.e., stores and/or transmits) information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes, but is not limited to, read only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media or flash memory devices.
- According to one embodiment and as described further below, TCP reassembly acceleration processing is performed on behalf of a network interface of a network device by TCP payload split and
stitching unit 270 via bus/memory interface 260 coupled to system memory via an interconnect bus. In one embodiment, the TCP payload split andstitching unit 270 is integrated within a TCP offload engine (TOE) that also performs TCP segmentation offloading (TSO) as described in co-pending and commonly assigned U.S. patent application Ser. No. 12/254,931, which is hereby incorporated by reference in its entirety for all purposes. - Returning to the role of the
network driver 210, in various embodiments of the present invention copying payload data from kernel space to user space and the associated delays are eliminated by instead having thenetwork driver 210 remap physical pages, via the CPU paging table, for example, to make them accessible to an appropriate user process, such as user process 220. Thus, as such pages are filled they can be read by the user process 220. In this manner, TCP reassembly acceleration processing as described in accordance with various embodiments of the present invention does not require copying of payload data from kernel space to user space. -
FIG. 3 is an example of anetwork device 300 in which embodiments of the present invention may be utilized.Network device 300 may be any logical or physical device or combination of such devices that perform network traffic reassembly processing, including, but not limited to a network security platform, a network security appliance, a firewall, a network gateway, a client, a server and the like. - In the present example,
network device 300 includes anetwork interface 350, a bus/memory interface 340, an interconnect bus 330, ageneral purpose processor 310 and asystem memory 320.General purpose processor 310 may be any processor that is tailored for executing software commands indicated by an operating system. Thus, for example, general purpose processor 310may be, but is not limited to the various processors currently found in personal computers such as those offered by Intel and AMD. Based on the disclosure provided herein, one of ordinary skill in the art will recognize a variety of general purpose processors that may be used in relation to different embodiments of the present invention. In one embodiment,processor 310 may be implemented as a semiconductor device such as, for example, a programmable ate array or an application specific integrated circuit. - Bus/memory interface 340 provides control for interconnect bus 330 and access to
system memory 320. In particular embodiments of the present invention, interconnect bus 330 is a Peripheral Component Interconnect (PCI) bus,system memory 320 is a random access memory 330, and bus/memory interface 340 is a chipset currently available for controlling the PCI bus and providing access tosystem memory 320. It should be noted that interconnect bus 330 may be, but is not limited to, a PCI interface, a Peripheral Component Interconnect Extended (PCI-X) interface, a Peripheral Component Interconnect Express (PCIe) interface, or a HyperTransport (HT) interface. - As described with reference to
FIG. 2 ,system memory 320 may have stored therein, among other things, one or more virtual memory mapping tables (e.g., page tables and/or mapping tables 240) and TCP session buffers (e.g., TCP session buffers 250 a, 250 b and 250 n). The page tables and/or mapping tables 240 include translation data structures, which will be described further below, that allow interface hardware, e.g., bus/memory interface 340, coupled to thesystem memory 320 to write payload data to appropriate locations withinsystem memory 320 to facilitate efficient reassembly processing. - Depending upon the particular implementation,
network interface 350 may be a network interface unit (NIU), such as a network interface card (NIC), or other network interface device to allownetwork device 300 to connect to an outside network. In one embodiment,network interface 350 includes a network processor or other digital logic (not shown) to allow it to direct and perform reassembly processing to offload thegeneral purpose processor 310. In one embodiment, TCP reassembly acceleration processing may be performed by the network processor. Alternatively, TCP reassembly acceleration processing may be performed in hardware. - In one embodiment, bus/memory interface 340 is configured to write TCP payload data to
system memory 320 via interconnect bus 330 based on virtual memory mapping tables (e.g., mapping tables 240) therein. In one embodiment, the locations of the virtual memory mapping tables corresponding to each TCP session are stored in local memory, such as double data rate synchronous dynamic random access memory (DDR SDRAM), of thenetwork interface 350 or in on-chip caches called translation lookaside buffers orTLBs 345. Advantageously, since the virtual memory mapping tables are in host memory, e.g.,system memory 320, and their locations are stored in local memory, as a practical matter, the number of TCP sessions that can be accelerated is not limited by the internal memories associated with the bus/memory interface 340 and/or thenetwork interface 350. -
FIGS. 4A-4B depict exemplary virtual memory mapping mechanisms that may be used in relation to various embodiments of the present invention. In particular,FIG. 4A shows a hierarchy of apage directory 410 and a page table 430 utilized when mapping an adjusted TCP sequence number 400 (a virtual address) to exemplary 4-KByte pages 440. The entries inpage directory 410, such asdirectory entry 411, point to page table 430, and the entries in page table 430, such as page-table entry 431, point topages 440 in physical memory specified by a particular physical address, such asphysical address 441. - Based on (i) a base address of the
page directory 410, which may be specified by aPDBR value 420 associated with a particular TCP session context as described above, and (ii) adirectory field 401, atable field 402 and an offsetfield 403 of the adjusted TCP sequence number 400, the TCP payload split and stitching functionality implemented by special purpose hardware (e.g., TCP payload split and stitching unit 270) or bynetwork interface 350, for example, may cause the bus/memory interface 340 to reassemble the TCP payload data into virtually continuous host memory (e.g., system memory 230). - A register (not shown) may be used to indicate when an associated general purpose processor has invalidated one or more entries of
page directory 410. Where such invalidation occurs, it is up to thenetwork interface 350 and/or the bus/memory interface 340 to refresh the page table by accessingsystem memory 320. -
FIG. 4B shows a process for using apage directory 460 to map an adjusted TCP sequence number 450 (a virtual address) to exemplary 4-MByte pages 480. The entries inpage directory 460, such asdirectory entry 461, point to 4-MByte pages 480 in physical memory. - Based on (i) a base address of the
page directory 460, which may be specified by aPDBR value 470 associated with a particular TCP session context as described above, and (ii) adirectory field 451 and an offsetfield 452 of the virtual address 450, the TCP payload split and stitching functionality implemented by special purpose hardware (e.g., TCP payload split and stitching unit 270) or bynetwork interface 350, for example, may cause the bus/memory interface 340 to reassemble the TCP payload data into virtually continuous host memory (e.g., system memory 230). - A register (not shown) may be used to indicate when an associated general purpose processor has invalidated one or more entries of
page directory 460. Where such invalidation occurs, it is up to thenetwork interface 350 and/or bus/memory interface 340 to refresh the page table by accessingsystem memory 320. - According to one embodiment, the PDBR values 420 and 470 may be stored in the following format:
-
PDBR [31:12] Page Offset [11:0]
This format allows the PDBR address to be page-aligned and only the upper 20 bits are needed to be stored in the session table. The lower 12 bits can then be used as a page offset to adjust the packet start address with respect to the page boundary. - In one embodiment, for TCP sessions that do not want to be offloaded and other sessions, the network driver (e.g., network driver 210) can push a PDBR into the session table having the upper 20 bits set to zero to disable offloading.
- According to one embodiment, page directory entries include page table base address as well as an indicator regarding page size (e.g., 4 KB pages vs. 4 MB pages) and a presence indicator (e.g., a present bit).
- According to one embodiment, page table entries include a page base address as well as a presence indicator (e.g., a present bit).
- In various embodiments, the presence indicator in the page directory entries and the page table entries may be used to implement the TCP receiving window function. For example, only the pages falling within the receiving window may have the present bit set to indicate the corresponding page has been allocated. The present bit associated with the other pages may be unset indicating the corresponding page has not been allocated. In this manner, the bus/memory interface 260, 340 may be prevented from overwriting payload data outside the receiving window.
-
FIG. 5 is a flow diagram illustrating incoming TCP traffic processing in accordance with an embodiment of the present invention. Depending upon the particular implementation, the various process and decision blocks described herein may be performed by hardware components, embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps, or the steps may be performed by a combination of hardware, software, firmware and/or involvement of human participation/interaction. - In the present example, before reaching
decision block 510, it is assumed an incoming TCP packet has been received at a network interface, e.g.,network interface 350. - According to the embodiment depicted, processing of the incoming TCP packet begins at
decision block 510, in which it is determined if the packet meets various validation checks. For example, among other things, it may be determined if the packet is really a TCP/IP packet and if the IP length specified in the packet matches the actual length of the received packet. If any of the sanity checks fail, then processing branches to block 550; otherwise, if all the sanity checks pass, then processing continues withdecision block 520. - At
decision block 520, it is determined if reassembly processing is to be offloaded to a TOE, for example. According to one embodiment, this determination is made by evaluating the PDBR value associated with the TCP session to which the packet corresponds. If the PDBR value is equal to a predetermined value that by convention indicates no offloading is to be performed, then processing branches to block 530; otherwise, processing continues withdecision block 540. - At
block 530, offloading for the packet at issue is disabled and the packet is delivered to the host processor, e.g.,general purpose processor 310, by means other than the TCP reassembly acceleration processing described herein. Those skilled in the art will recognize various conventional means according to which the packet may be delivered to the appropriate user process, e.g., user process 220. After the packet is delivered, processing is complete. - At
decision block 540, it is determined if the system memory pages to which the payload data would be stored have been allocated. According to one embodiment and as described above, a presence indicator may be provided in page directory entries and/or page table entries of the virtual memory map. For each of the pages the payload data of the packet will span, the bus/memory interface, e.g., bus/memory interface 260 or 340, checks if the present bit, for example, indicates the page is allocated. If any of the pages to which a portion of the payload data has not been allocated, then processing branches to block 550. If all the pages have been allocated, then processing continues withblock 560. - At
block 550, either (i) one or more of the sanity checks ofdecision block 510 failed or (ii) one or more of the system memory pages to which the payload data would be written according to the virtual memory map has not been allocated. Consequently, offloading for the packet at issue is disabled and processing for this packet is complete. - At
block 560, the true paths of each of decision blocks 510, 520 and 540 have been followed meaning the sanity checks have passed, the packet is to be offloaded and appropriate system memory pages have been allocated. Thus, at this point, the packet header and payload are separated. The packet header is written to kernel memory for validation by the network driver; and the packet payload is written to the location in system memory indicated by the virtual memory map for the corresponding TCP session. - At
decision block 570, a determination is made whether any of the pages to which the payload was written are full. If so, then processing continues to block 580; otherwise processing is complete. - At
block 580, one or more memory pages were filled as a result of the most recent storage of payload data to system memory. In order to make the page accessible to the appropriate user process, the one or more memory pages are remapped through the page table to user memory space visible to the appropriate user process. At this point, the user process may operate on the payload data. According to one embodiment, the user process may perform one or more security functions, including, but not limited to antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and virtual private network (VPN) services. - According to one embodiment, TCP reassembly processing is performed by a network processor separate and independent from the general purpose processor and/or dedicated hardware (e.g., TCP payload split and stitching 270) associated with the ingress network interface in an effort to increase system throughput and decrease usage of the general purpose processor. Advantageously, in accordance with embodiments of the present invention, TCP reassembly processing is improved as a result of avoiding kernel-user space copying of TCP payload data.
- While embodiments of the invention have been illustrated and described, it will be clear that the invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the invention, as described in the claims.
Claims (18)
1. A method comprising:
receiving an incoming packet at a network interface;
a memory interface writing payload data from the packet to a physical page within a system memory on behalf of the network interface based on a sequence number associated with the incoming packet and by obtaining a physical address from a virtual memory map corresponding to an incoming session with which the packet is associated; and
after the physical page is full, making the physical page accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the user process.
2. The method of claim 1 , wherein the incoming packet comprises a TCP packet and the incoming session comprises an incoming TCP session.
3. The method of claim 2 , further comprising a network interface driver being executed by the processor allocating one or more physical pages of the system memory for each of a plurality of incoming TCP sessions, including the incoming TCP session.
4. The method of claim 3 , further comprising the network interface driver building virtual memory maps, including the virtual memory map, corresponding to the plurality of incoming TCP sessions.
5. The method of claim 4 , further comprising the network interface driver building a session table including information regarding a page directory base address for each of the plurality of incoming TCP sessions and information regarding an offset to adjust a start address of the payload data with respect to a boundary of the physical page.
6. The method of claim 5 , further comprising:
calculating an adjusted sequence number based on the sequence number and the offset; and
using the adjusted sequence number as a virtual address input to the virtual memory map.
7. The method of claim 2 , further comprising, prior to the memory interface writing payload data from the TCP packet to the physical page, determining whether the physical page has been allocated.
8. A network device comprising:
a processor configured to execute one or more user processes and a network interface driver;
a system memory, coupled to the processor, having stored therein (i) a paging table used by the processor to translate virtual memory addresses into corresponding physical memory addresses and (ii) a plurality of virtual memory maps containing information for use in connection with translating a virtual address input based on a sequence number of an incoming Transmission Control Protocol (TCP) packet to a physical address;
a network interface operable to receive incoming TCP packets;
an interconnect bus coupled to the processor and the system memory; and
a bus/memory interface, coupled to the network interface and the interconnect bus, adapted to write payload data from the incoming TCP packet to a physical page within the system memory on behalf of the network interface based on the sequence number and a virtual memory map of the plurality of virtual memory maps corresponding to an incoming TCP session with which the TCP packet is associated; and
wherein the network interface driver makes the physical page accessible to a user process of the one or more user processes by remapping the physical page through the paging table.
9. The network device of claim 8 , wherein the network interface driver is further configured to allocate one or more physical pages of the system memory for each of the plurality of incoming TCP sessions.
10. The network device of claim 9 , wherein the network interface driver is further configured to create and maintain the plurality of virtual memory maps.
11. The network device of claim 10 , wherein the network interface driver is further configured to build a session table within the system memory including information regarding a page directory base address for each of the plurality of incoming TCP sessions and information regarding an offset to adjust a start address of the payload data with respect to a boundary of the physical page.
12. The network device of claim 11 , wherein the virtual address is determined by calculating an adjusted sequence number based on the sequence number and the offset.
13. The network device of claim 8 , wherein the network device comprises a network security platform.
14. The network device of claim 8 , wherein the user process performs one or more security functions.
15. The network device of claim 14 , wherein the one or more security functions include one or more of antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and virtual private network (VPN) services.
16. A program storage device readable by one or more processors of a network device, tangibly embodying a program of instructions executable by the one or more processors to perform method steps for performing Transmission Control Protocol (TCP) reassembly, the method comprising:
receiving an incoming TCP packet at a network interface of the network device;
writing payload data from the TCP packet to a physical page within a system memory based on a sequence number associated with the incoming TCP packet and by obtaining a physical address from a virtual memory map corresponding to an incoming TCP session with which the TCP packet is associated; and
after the physical page is full, making the physical page accessible to a user process being executed by a processor associated with the system memory by remapping the physical page through a paging table used by the processor.
17. The program storage device of claim 16 , wherein the user process performs one or more security functions.
18. The program storage device of claim 17 , wherein the one or more security functions include one or more of antivirus scanning, spam detection, web filtering, firewalling, intrusion detection, intrusion prevention and virtual private network (VPN) services.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/255,916 US20090307363A1 (en) | 2008-06-09 | 2008-10-22 | Network protocol reassembly accelaration |
CN200910147460.6A CN101827071B (en) | 2008-06-09 | 2009-06-09 | Network protocol reassembly accelaration |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US6011408P | 2008-06-09 | 2008-06-09 | |
US12/255,916 US20090307363A1 (en) | 2008-06-09 | 2008-10-22 | Network protocol reassembly accelaration |
Publications (1)
Publication Number | Publication Date |
---|---|
US20090307363A1 true US20090307363A1 (en) | 2009-12-10 |
Family
ID=41400275
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/254,931 Active 2029-10-13 US7944946B2 (en) | 2008-06-09 | 2008-10-21 | Virtual memory protocol segmentation offloading |
US12/255,916 Abandoned US20090307363A1 (en) | 2008-06-09 | 2008-10-22 | Network protocol reassembly accelaration |
US13/096,973 Active 2029-03-21 US8411702B2 (en) | 2008-06-09 | 2011-04-28 | Virtual memory protocol segmentation offloading |
US13/853,326 Active 2029-01-15 US8964785B2 (en) | 2008-06-09 | 2013-03-29 | Virtual memory protocol segmentation offloading |
US14/568,499 Active US9319490B2 (en) | 2008-06-09 | 2014-12-12 | Virtual memory protocol segmentation offloading |
US14/995,922 Active US9319491B1 (en) | 2008-06-09 | 2016-01-14 | Virtual memory protocol segmentation offloading |
US15/131,451 Active US9401976B1 (en) | 2008-06-09 | 2016-04-18 | Virtual memory protocol segmentation offloading |
US15/198,936 Active US9825885B2 (en) | 2008-06-09 | 2016-06-30 | Virtual memory protocol segmentation offloading |
US15/817,180 Active US10009295B2 (en) | 2008-06-09 | 2017-11-18 | Virtual memory protocol segmentation offloading |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/254,931 Active 2029-10-13 US7944946B2 (en) | 2008-06-09 | 2008-10-21 | Virtual memory protocol segmentation offloading |
Family Applications After (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/096,973 Active 2029-03-21 US8411702B2 (en) | 2008-06-09 | 2011-04-28 | Virtual memory protocol segmentation offloading |
US13/853,326 Active 2029-01-15 US8964785B2 (en) | 2008-06-09 | 2013-03-29 | Virtual memory protocol segmentation offloading |
US14/568,499 Active US9319490B2 (en) | 2008-06-09 | 2014-12-12 | Virtual memory protocol segmentation offloading |
US14/995,922 Active US9319491B1 (en) | 2008-06-09 | 2016-01-14 | Virtual memory protocol segmentation offloading |
US15/131,451 Active US9401976B1 (en) | 2008-06-09 | 2016-04-18 | Virtual memory protocol segmentation offloading |
US15/198,936 Active US9825885B2 (en) | 2008-06-09 | 2016-06-30 | Virtual memory protocol segmentation offloading |
US15/817,180 Active US10009295B2 (en) | 2008-06-09 | 2017-11-18 | Virtual memory protocol segmentation offloading |
Country Status (2)
Country | Link |
---|---|
US (9) | US7944946B2 (en) |
CN (2) | CN101827072B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090304029A1 (en) * | 2008-06-09 | 2009-12-10 | Fortinet, Inc. A Delaware Corporation | Virtual memory protocol segmentation offloading |
US20120243540A1 (en) * | 2011-03-23 | 2012-09-27 | Ralink Technology Corporation | Method for offloading packet segmentations and device using the same |
US20150142977A1 (en) * | 2013-11-19 | 2015-05-21 | Cavium, Inc. | Virtualized network interface for tcp reassembly buffer allocation |
CN113438097A (en) * | 2021-05-21 | 2021-09-24 | 翱捷科技股份有限公司 | Method and device for realizing network acceleration |
Families Citing this family (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8214653B1 (en) | 2009-09-04 | 2012-07-03 | Amazon Technologies, Inc. | Secured firmware updates |
US9565207B1 (en) | 2009-09-04 | 2017-02-07 | Amazon Technologies, Inc. | Firmware updates from an external channel |
US8887144B1 (en) | 2009-09-04 | 2014-11-11 | Amazon Technologies, Inc. | Firmware updates during limited time period |
US10177934B1 (en) | 2009-09-04 | 2019-01-08 | Amazon Technologies, Inc. | Firmware updates inaccessible to guests |
US8971538B1 (en) | 2009-09-08 | 2015-03-03 | Amazon Technologies, Inc. | Firmware validation from an external channel |
US8601170B1 (en) | 2009-09-08 | 2013-12-03 | Amazon Technologies, Inc. | Managing firmware update attempts |
US8300641B1 (en) | 2009-09-09 | 2012-10-30 | Amazon Technologies, Inc. | Leveraging physical network interface functionality for packet processing |
US8959611B1 (en) | 2009-09-09 | 2015-02-17 | Amazon Technologies, Inc. | Secure packet management for bare metal access |
US8381264B1 (en) | 2009-09-10 | 2013-02-19 | Amazon Technologies, Inc. | Managing hardware reboot and reset in shared environments |
US8654784B2 (en) | 2010-03-11 | 2014-02-18 | Microsoft Corporation | Multi-stage large send offload |
US8989185B2 (en) * | 2010-08-05 | 2015-03-24 | Thomson Licensing | Method and apparatus for converting a multicast session to a unicast session |
US9485333B2 (en) * | 2013-11-22 | 2016-11-01 | Freescale Semiconductor, Inc. | Method and apparatus for network streaming |
CN103761060B (en) * | 2014-01-27 | 2017-02-15 | 华为技术有限公司 | Data processing method and server |
US10346330B2 (en) * | 2014-01-29 | 2019-07-09 | Red Hat Israel, Ltd. | Updating virtual machine memory by interrupt handler |
US9959203B2 (en) | 2014-06-23 | 2018-05-01 | Google Llc | Managing storage devices |
GB2544515B (en) * | 2015-11-19 | 2020-02-12 | Canon Kk | System for receiving or transmitting data with a fast-path protocol processing architecture |
US20170249162A1 (en) * | 2016-02-25 | 2017-08-31 | Red Hat Israel, Ltd. | Safe transmit packet processing for network function virtualization applications |
US10339065B2 (en) * | 2016-12-01 | 2019-07-02 | Ampere Computing Llc | Optimizing memory mapping(s) associated with network nodes |
US10936405B2 (en) * | 2017-11-13 | 2021-03-02 | Weka.IO Ltd. | Efficient networking for a distributed storage system |
US10887252B2 (en) * | 2017-11-14 | 2021-01-05 | Mellanox Technologies, Ltd. | Efficient scatter-gather over an uplink |
CN110069422B (en) * | 2018-01-23 | 2021-06-18 | 普天信息技术有限公司 | Memory buffer recovery method based on MIPS multi-core processor |
CN111279280B (en) * | 2018-08-24 | 2023-08-04 | 百度时代网络技术(北京)有限公司 | Data transfer logic for transferring data between sensors and programming and control of an autonomous vehicle |
JP7044033B2 (en) * | 2018-11-06 | 2022-03-30 | 日本電信電話株式会社 | Access control methods, access control devices, and data processing devices |
CN111642137A (en) * | 2018-12-14 | 2020-09-08 | 华为技术有限公司 | Method, device and system for quickly sending write data preparation completion message |
EP3699770A1 (en) | 2019-02-25 | 2020-08-26 | Mellanox Technologies TLV Ltd. | Collective communication system and methods |
CN110445580B (en) * | 2019-08-09 | 2022-04-19 | 浙江大华技术股份有限公司 | Data transmission method and device, storage medium, and electronic device |
CN111209229B (en) * | 2019-12-30 | 2021-12-21 | 苏州艾利特机器人有限公司 | Fieldbus method based on virtual equipment |
US11750699B2 (en) | 2020-01-15 | 2023-09-05 | Mellanox Technologies, Ltd. | Small message aggregation |
CN113468090B (en) * | 2020-03-30 | 2024-04-05 | 浙江宇视科技有限公司 | PCIe communication method and device, electronic equipment and readable storage medium |
US11876885B2 (en) | 2020-07-02 | 2024-01-16 | Mellanox Technologies, Ltd. | Clock queue with arming and/or self-arming features |
US11556378B2 (en) | 2020-12-14 | 2023-01-17 | Mellanox Technologies, Ltd. | Offloading execution of a multi-task parameter-dependent operation to a network device |
US11922237B1 (en) | 2022-09-12 | 2024-03-05 | Mellanox Technologies, Ltd. | Single-step collective operations |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5166928A (en) * | 1990-04-27 | 1992-11-24 | Matsushita Electric Industrial Co., Ltd. | Communication system comprising a communication line monitor for monitoring a communication line |
US5586264A (en) * | 1994-09-08 | 1996-12-17 | Ibm Corporation | Video optimized media streamer with cache management |
US5760767A (en) * | 1995-10-26 | 1998-06-02 | Sony Corporation | Method and apparatus for displaying in and out points during video editing |
US5933602A (en) * | 1996-07-31 | 1999-08-03 | Novell, Inc. | System for selecting command packet and corresponding response packet from communication stream of packets by monitoring packets sent between nodes on network |
US6629141B2 (en) * | 1999-07-30 | 2003-09-30 | Intel Corporation | Storing a frame header |
US6650640B1 (en) * | 1999-03-01 | 2003-11-18 | Sun Microsystems, Inc. | Method and apparatus for managing a network flow in a high performance network interface |
US20040042483A1 (en) * | 2002-08-30 | 2004-03-04 | Uri Elzur | System and method for TCP offload |
US6708292B1 (en) * | 2000-08-18 | 2004-03-16 | Network Associates, Inc. | System, method and software for protocol analyzer remote buffer management |
US6826639B2 (en) * | 2001-07-27 | 2004-11-30 | Computer Access Technology Corporation | Hierarchical display of multilevel protocol for communication data |
US20060067228A1 (en) * | 2004-09-30 | 2006-03-30 | John Ronciak | Flow based packet processing |
US7149189B2 (en) * | 2001-07-17 | 2006-12-12 | Mcafee, Inc. | Network data retrieval and filter systems and methods |
US20070061492A1 (en) * | 2005-08-05 | 2007-03-15 | Red Hat, Inc. | Zero-copy network i/o for virtual hosts |
US20090304029A1 (en) * | 2008-06-09 | 2009-12-10 | Fortinet, Inc. A Delaware Corporation | Virtual memory protocol segmentation offloading |
US7930422B2 (en) * | 2004-07-14 | 2011-04-19 | International Business Machines Corporation | Apparatus and method for supporting memory management in an offload of network protocol processing |
US20110200005A1 (en) * | 2007-12-17 | 2011-08-18 | Electronics And Telecommunications Research Institute | Method of supporting mobility using security tunnel |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6430628B1 (en) | 1998-12-08 | 2002-08-06 | Intel Corporation | Method and apparatus for reducing direct memory access transfers using smart coalescing |
US6973040B1 (en) | 2000-03-13 | 2005-12-06 | Netzentry, Inc. | Method of maintaining lists of network characteristics |
US20020144004A1 (en) | 2001-03-29 | 2002-10-03 | Gaur Daniel R. | Driver having multiple deferred procedure calls for interrupt processing and method for interrupt processing |
AU2002323524A1 (en) | 2001-08-30 | 2003-03-18 | Tellabs Operations, Inc. | System and method for communicating data using a common switch fabric |
US8190765B2 (en) | 2002-06-25 | 2012-05-29 | Intel Corporation | Data reception management apparatus, systems, and methods |
US8417913B2 (en) * | 2003-11-13 | 2013-04-09 | International Business Machines Corporation | Superpage coalescing which supports read/write access to a new virtual superpage mapping during copying of physical pages |
US7249241B1 (en) * | 2004-04-29 | 2007-07-24 | Sun Microsystems, Inc. | Method and apparatus for direct virtual memory address caching |
US20070255866A1 (en) * | 2006-05-01 | 2007-11-01 | Eliezer Aloni | Method and system for a user space TCP offload engine (TOE) |
CN101123567A (en) * | 2006-05-01 | 2008-02-13 | 美国博通公司 | Method and system for processing network information |
US9645934B2 (en) * | 2013-09-13 | 2017-05-09 | Samsung Electronics Co., Ltd. | System-on-chip and address translation method thereof using a translation lookaside buffer and a prefetch buffer |
-
2008
- 2008-10-21 US US12/254,931 patent/US7944946B2/en active Active
- 2008-10-22 US US12/255,916 patent/US20090307363A1/en not_active Abandoned
-
2009
- 2009-06-09 CN CN200910147461.0A patent/CN101827072B/en active Active
- 2009-06-09 CN CN200910147460.6A patent/CN101827071B/en active Active
-
2011
- 2011-04-28 US US13/096,973 patent/US8411702B2/en active Active
-
2013
- 2013-03-29 US US13/853,326 patent/US8964785B2/en active Active
-
2014
- 2014-12-12 US US14/568,499 patent/US9319490B2/en active Active
-
2016
- 2016-01-14 US US14/995,922 patent/US9319491B1/en active Active
- 2016-04-18 US US15/131,451 patent/US9401976B1/en active Active
- 2016-06-30 US US15/198,936 patent/US9825885B2/en active Active
-
2017
- 2017-11-18 US US15/817,180 patent/US10009295B2/en active Active
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5166928A (en) * | 1990-04-27 | 1992-11-24 | Matsushita Electric Industrial Co., Ltd. | Communication system comprising a communication line monitor for monitoring a communication line |
US5586264A (en) * | 1994-09-08 | 1996-12-17 | Ibm Corporation | Video optimized media streamer with cache management |
US5760767A (en) * | 1995-10-26 | 1998-06-02 | Sony Corporation | Method and apparatus for displaying in and out points during video editing |
US5933602A (en) * | 1996-07-31 | 1999-08-03 | Novell, Inc. | System for selecting command packet and corresponding response packet from communication stream of packets by monitoring packets sent between nodes on network |
US6650640B1 (en) * | 1999-03-01 | 2003-11-18 | Sun Microsystems, Inc. | Method and apparatus for managing a network flow in a high performance network interface |
US6629141B2 (en) * | 1999-07-30 | 2003-09-30 | Intel Corporation | Storing a frame header |
US6708292B1 (en) * | 2000-08-18 | 2004-03-16 | Network Associates, Inc. | System, method and software for protocol analyzer remote buffer management |
US7149189B2 (en) * | 2001-07-17 | 2006-12-12 | Mcafee, Inc. | Network data retrieval and filter systems and methods |
US6826639B2 (en) * | 2001-07-27 | 2004-11-30 | Computer Access Technology Corporation | Hierarchical display of multilevel protocol for communication data |
US20040042483A1 (en) * | 2002-08-30 | 2004-03-04 | Uri Elzur | System and method for TCP offload |
US7930422B2 (en) * | 2004-07-14 | 2011-04-19 | International Business Machines Corporation | Apparatus and method for supporting memory management in an offload of network protocol processing |
US20060067228A1 (en) * | 2004-09-30 | 2006-03-30 | John Ronciak | Flow based packet processing |
US7512684B2 (en) * | 2004-09-30 | 2009-03-31 | Intel Corporation | Flow based packet processing |
US20070061492A1 (en) * | 2005-08-05 | 2007-03-15 | Red Hat, Inc. | Zero-copy network i/o for virtual hosts |
US20110200005A1 (en) * | 2007-12-17 | 2011-08-18 | Electronics And Telecommunications Research Institute | Method of supporting mobility using security tunnel |
US20090304029A1 (en) * | 2008-06-09 | 2009-12-10 | Fortinet, Inc. A Delaware Corporation | Virtual memory protocol segmentation offloading |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9401976B1 (en) | 2008-06-09 | 2016-07-26 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US7944946B2 (en) | 2008-06-09 | 2011-05-17 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US20110200057A1 (en) * | 2008-06-09 | 2011-08-18 | Fortinet, Inc. | Virtual Memory Protocol Segmentation Offloading |
US20090304029A1 (en) * | 2008-06-09 | 2009-12-10 | Fortinet, Inc. A Delaware Corporation | Virtual memory protocol segmentation offloading |
US8411702B2 (en) | 2008-06-09 | 2013-04-02 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US8964785B2 (en) | 2008-06-09 | 2015-02-24 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US10009295B2 (en) | 2008-06-09 | 2018-06-26 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US9825885B2 (en) | 2008-06-09 | 2017-11-21 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US9319490B2 (en) | 2008-06-09 | 2016-04-19 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US9319491B1 (en) | 2008-06-09 | 2016-04-19 | Fortinet, Inc. | Virtual memory protocol segmentation offloading |
US20120243540A1 (en) * | 2011-03-23 | 2012-09-27 | Ralink Technology Corporation | Method for offloading packet segmentations and device using the same |
US9247032B2 (en) * | 2011-03-23 | 2016-01-26 | Mediatek Inc. | Method for offloading packet segmentations and device using the same |
US9363193B2 (en) * | 2013-11-19 | 2016-06-07 | Cavium, Inc. | Virtualized network interface for TCP reassembly buffer allocation |
US20150142977A1 (en) * | 2013-11-19 | 2015-05-21 | Cavium, Inc. | Virtualized network interface for tcp reassembly buffer allocation |
CN113438097A (en) * | 2021-05-21 | 2021-09-24 | 翱捷科技股份有限公司 | Method and device for realizing network acceleration |
Also Published As
Publication number | Publication date |
---|---|
US20150110125A1 (en) | 2015-04-23 |
US20090304029A1 (en) | 2009-12-10 |
CN101827071A (en) | 2010-09-08 |
US20110200057A1 (en) | 2011-08-18 |
US9319491B1 (en) | 2016-04-19 |
US20160134724A1 (en) | 2016-05-12 |
US7944946B2 (en) | 2011-05-17 |
CN101827071B (en) | 2014-05-28 |
US10009295B2 (en) | 2018-06-26 |
US9319490B2 (en) | 2016-04-19 |
US20160352652A1 (en) | 2016-12-01 |
US20160234352A1 (en) | 2016-08-11 |
US8411702B2 (en) | 2013-04-02 |
US20180077087A1 (en) | 2018-03-15 |
US8964785B2 (en) | 2015-02-24 |
US9401976B1 (en) | 2016-07-26 |
CN101827072B (en) | 2014-03-12 |
US9825885B2 (en) | 2017-11-21 |
CN101827072A (en) | 2010-09-08 |
US20130215904A1 (en) | 2013-08-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20090307363A1 (en) | Network protocol reassembly accelaration | |
US7636832B2 (en) | I/O translation lookaside buffer performance | |
US10719463B1 (en) | Hardware handling memory write request during memory data migration | |
US7752360B2 (en) | Method and system to map virtual PCIe I/O devices and resources to a standard I/O bus | |
US7970949B2 (en) | Network interface and protocol | |
US20030131228A1 (en) | System on a chip for network storage devices | |
US20090086736A1 (en) | Notification of out of order packets | |
US10104002B2 (en) | Method and system for network address re-use in network address translation | |
US11010165B2 (en) | Buffer allocation with memory-based configuration | |
US20090080419A1 (en) | Providing consistent manageability interface to a management controller for local and remote connections | |
US10255213B1 (en) | Adapter device for large address spaces | |
US6947971B1 (en) | Ethernet packet header cache | |
US11513958B1 (en) | Shared mid-level data cache | |
Floroiu et al. | Using NDIS intermediate drivers for extending the protocol stack. A case study | |
US11716305B2 (en) | Control embedded data packet for efficient ARP query in SDA environment | |
US7178023B1 (en) | System and method to facilitate secure communication of data | |
US11418491B2 (en) | Dynamic firewall discovery on a service plane in a SDWAN architecture | |
US20110040911A1 (en) | Dual interface coherent and non-coherent network interface controller architecture | |
CN115865861A (en) | Address resolution protocol message response method, system and network equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FORTINET, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHOU, XU;CHEN, YUNYU (DAVID);HUANG, LIN;AND OTHERS;REEL/FRAME:022772/0042 Effective date: 20090306 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |