Abstract: Computing apparatus includes a host computer, including multiple non-uniform memory access (NUMA) nodes, including at least first and second NUMA nodes, which include first and second local memories and first and second host bus interfaces for connection to first and second peripheral component buses, respectively. A network interface controller (NIC) is to receive a definition of a memory region extending over respective first and second parts of the first and second local memories and to receive a memory mapping with respect to the memory region that is applicable to both the first and second local memories, and to apply the memory mapping in writing data to the memory region via first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions to the respective first and second parts of the first and second local memories in response to packets received through a network port.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: In one embodiment, a secure distributed processing system includes nodes connected over a network, and configured to process tasks, each respective one of the nodes including a respective processor to process data of respective ones of the tasks, and a respective network interface controller to connect to other nodes over the network, store task master keys for use in computing communication keys for securing data transfer over the network for respective ones of the tasks, compute respective task and node-pair specific communication keys for securing communication with respective ones of the nodes over the network for respective ones of the tasks responsively to respective ones of the task master keys and node-specific data of respective node pairs, and securely communicate the processed data of the respective ones of the tasks with the respective ones of the nodes over the network responsively to the respective task and node-pair specific communication keys.

Abstract: A compute node includes a memory, a processor and a peripheral device. The memory is to store memory pages. The processor is to run software that accesses the memory, and to identify one or more first memory pages that are accessed by the software in the memory. The peripheral device is to directly access one or more second memory pages in the memory of the compute node using Direct Memory Access (DMA), and to notify the processor of the second memory pages that are accessed using DMA. The processor is further to maintain a data structure that tracks both (i) the first memory pages as identified by the processor and (ii) the second memory pages as notified by the peripheral device.

Abstract: In one embodiment, an apparatus includes a network interface to receive a sequence of data packets from a remote device responsively to a data transfer request, the received sequence including received data blocks, and packet processing circuitry to read cryptographic parameters from a memory in which the parameters were registered by a processing unit, the cryptographic parameters including an initial cryptographic key and initial value, compute a first cryptographic key responsively to the initial cryptographic key and initial value, cryptographically process a first block responsively to the first cryptographic key, compute an updated value responsively to the initial value and a size of the first block, compute a second cryptographic key responsively to the initial cryptographic key and the updated value, cryptographically process a second block of the received data blocks responsively to the second cryptographic key, and write the cryptographically processed first and second block to the memory.

Abstract: Computing apparatus includes a host computer, including at least first and second host bus interfaces. A network interface controller (NIC) includes a network port, for connection to a packet communication network, and first and second NIC bus interfaces, which communicate via first and second peripheral component buses with the first and second host bus interfaces, respectively. Packet processing logic, in response to packets received through the network port, writes data to the host memory concurrently via both the first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions, and after writing the data in any given DMA transaction, writes a completion report to the host memory with respect to the given DMA transaction while verifying that the completion report will be available to the CPU only after all the data in the given DMA transaction have been written to the host memory.

Abstract: A method for communication includes receiving in a network device work requests posted by a host processor to perform a series of communication transactions, including at least a first transaction and a second transaction comprising first and second operations to be executed in a sequential order in response to corresponding first and work requests posted by the host processor. In response to the work requests, data packets are transmitted over a network from the network device to a destination node and corresponding responses are received from the destination node. Based on the received responses, completion of the first operations in the first transaction is reported from the network device to the host processor according to the sequential order, and completion of the second operation in the second transaction is reported from the network device to the host processor regardless of whether the first transaction has been completed.

Abstract: In one embodiment, data communication apparatus includes packet processing circuitry to receive data from a memory responsively to a data transfer request, and cryptographically process the received data in units of data blocks using a block cipher so as to add corresponding cryptographically processed data blocks to a sequence of data packets, the sequence including respective ones of the cryptographically processed data blocks having block boundaries that are not aligned with payload boundaries of respective one of the packets, such that respective ones of the cryptographically processed data blocks are divided into two respective segments, which are contained in successive respective ones of the packets in the sequence, and a network interface which includes one or more ports for connection to a packet data network and is configured to send the sequence of data packets to a remote device over the packet data network via the one or more ports.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: In one embodiment, data communication apparatus includes a network interface for connection to a network and configured to receive a sequence of data packets from a remote device over the network, the sequence including data blocks, ones of the data blocks having block boundaries that are not aligned with payload boundaries of the packets, and packet processing circuitry to cryptographically process the data blocks using a block cipher so as to write corresponding cryptographically processed data blocks to a memory, while holding segments of respective ones of the received data blocks in the memory, such that the packet processing circuitry stores a first segment of a data block of a first packet in the memory until a second packet is received, and then cryptographically processes the first and second segments together so as to write a corresponding cryptographically processed data block to the memory.

Abstract: A network adapter includes a network interface, a host interface and processing circuitry. The network interface connects to a communication network for communicating with remote targets. The host interface connects to a host that accesses a Multi-Channel Send Queue (MCSQ) storing Work Requests (WRs) originating from client processes running on the host. The processing circuitry is configured to retrieve WRs from the MCSQ and distribute the WRs among multiple Send Queues (SQs) accessible by the processing circuitry, and retrieve WRs from the multiple NSQs and execute data transmission operations specified in the WRs retrieved from the multiple NSQs.

Abstract: A network device in a communication network includes a controller and processing circuitry. The controller is configured to manage execution of an operation whose execution depends on inputs from a group of one or more work-request initiators. The processing circuitry is configured to read one or more values, which are set by the work-request initiators in one or more memory locations that are accessible to the work-request initiators and to the network device, and to trigger execution of the operation in response to verifying that the one or more values read from the one or more memory locations indicate that the work-request initiators in the group have provided the respective inputs.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: Computing apparatus includes a host computer, including at least first and second host bus interfaces. A network interface controller (NIC) includes a network port, for connection to a packet communication network, and first and second NIC bus interfaces, which communicate via first and second peripheral component buses with the first and second host bus interfaces, respectively. Packet processing logic, in response to packets received through the network port, writes data to the host memory concurrently via both the first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions, and after writing the data in any given DMA transaction, writes a completion report to the host memory with respect to the given DMA transaction while verifying that the completion report will be available to the CPU only after all the data in the given DMA transaction have been written to the host memory.

Abstract: A network adapter includes a network interface, a host interface and processing circuitry. The network interface connects to a communication network for communicating with remote targets. The host interface connects to a host that accesses a Multi-Channel Send Queue (MCSQ) storing Work Requests (WRs) originating from client processes running on the host. The processing circuitry is configured to retrieve WRs from the MCSQ and distribute the WRs among multiple Send Queues (SQs) accessible by the processing circuitry.

Abstract: A computing system includes at least one peripheral bus, a peripheral device connected to the at least one peripheral bus, at least one memory, and first and second system components. The first system component is (i) associated with a first address space in the at least one memory and (ii) connected to the peripheral device via the at least one peripheral bus. The second system component is (i) associated with a second address space in the at least one memory and (ii) connected to the peripheral device via the at least one peripheral bus. The first system component is arranged to cause the peripheral device to access the second address space that is associated with the second system component.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: A network device in a communication network includes a controller and processing circuitry. The controller is configured to manage execution of an operation whose execution depends on inputs from a group of one or more work-request initiators. The processing circuitry is configured to read one or more values, which are set by the work-request initiators in one or more memory locations that are accessible to the work-request initiators and to the network device, and to trigger execution of the operation in response to verifying that the one or more values read from the one or more memory locations indicate that the work-request initiators in the group have provided the respective inputs.

Abstract: A network adapter includes a network interface, a host interface and processing circuitry. The network interface connects to a communication network for communicating with remote targets. The host interface connects to a host that accesses a Multi-Channel Send Queue (MCSQ) storing Work Requests (WRs) originating from client processes running on the host. The processing circuitry is configured to retrieve WRs from the MCSQ and distribute the WRs among multiple Send Queues (SQs) accessible by the processing circuitry.

Abstract: A method for data transfer includes transmitting a sequence of data packets from a first computer over a network to a second computer in a single RDMA data transfer transaction. Upon receipt of a second packet in the sequence without previously having received the first packet, the second computer sends a NAK packet over the network to the first computer, indicating that the first packet was not received. A retransmission mode is selected responsively to the type of the transaction, such that when the transaction is of a first type, the first packet is retransmitted from the first computer to the second computer in response to the NAK packet without retransmitting the second packet, and when the transaction is of a second type, both the first and second packets are retransmitted from the first computer to the second computer in response to the NAK packet.