Abstract: A network node includes a bus switching element, and a network adapter, an accelerator and a host, all coupled to communicate via the bus switching element. The network adapter is configured to communicate with remote nodes over a communication network. The host is configured to establish a RDMA link between the accelerator and the RDMA endpoint by creating a Queue Pair (QP) to be used by the accelerator for communication with the RDMA endpoint via the RDMA link. The accelerator is configured to exchange data, via the network adapter, between a memory of the accelerator and a memory of the RDMA endpoint.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: Data processing apparatus includes a host processor and a network interface controller (NIC), which is configured to couple the host processor to a packet data network. A memory holds a flow state table containing context information with respect to computational operations to be performed on multiple packet flows conveyed between the host processor and the network. Acceleration logic is coupled to perform the computational operations on payloads of packets in the multiple packet flows using the context information in the flow state table.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.

Abstract: Serialization and deserialization of an object are performed by transmitting metadata and addresses of data members in a byte stream through a data network, receiving the byte stream from the data network, defining a container for the object, obtaining the addresses of the data members in the first memory from the input byte stream, applying direct memory access (DMA) or remote direct memory access (RDMA) to read the data members using the obtained addresses, and writing the data members into the container to create a new instance of the object.

Abstract: A network element connected to a data network holds a flow of data packets in a queue and periodically determines a metric of the queue. Responsively to a predetermined value of the metric the queue is associated with an elephant flow or a mouse flow. The packets are marked according to the associated flow, and the network element sends the marked packets into the data network. Other network elements process the packets according to the associated flow marked therein.

Abstract: A method for interaction by a central processing unit (CPU) and peripheral devices in a computer includes allocating, in a memory, a work queue for controlling a first peripheral device of the computer. The CPU prepares a work request for insertion in the allocated work queue, the work request specifying an operation for execution by the first peripheral device. A second peripheral device of the computer submits an instruction to the first peripheral device to execute the work request that was prepared by the CPU and thereby to perform the operation specified by the work request.

Abstract: Serialization and deserialization of an object are performed by transmitting metadata and addresses of data members in a byte stream through a data network, receiving the byte stream from the data network, defining a container for the object, obtaining the addresses of the data members in the first memory from the input byte stream, applying direct memory access (DMA) or remote direct memory access (RDMA) to read the data members using the obtained addresses, and writing the data members into the container to create a new instance of the object.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A network element connected to a data network holds a flow of data packets in a queue and periodically determines a metric of the queue. Responsively to a predetermined value of the metric the queue is associated with an elephant flow or a mouse flow. The packets are marked according to the associated flow, and the network element sends the marked packets into the data network. Other network elements process the packets according to the associated flow marked therein.

Abstract: A network adapter includes one or more network ports, multiple bus interfaces, and a processor. The one or more network ports are configured to communicate with a communication network. The multiple bus interfaces are configured to communicate with multiple respective Central Processing Units (CPUs) that belong to a multi-CPU device. The processor is configured to support an Option-ROM functionality, in which the network adapter holds Option-ROM program instructions that are loadable and executable by the multi-CPU device during a boot process, and, in response to a request from the multi-CPU device to report the support of the Option-ROM functionality, to report the support of the Option-ROM functionality over only a single bus interface, selected from among the multiple bus interfaces connecting the network adapter to the multi-CPU device.

Abstract: A network interface controller that is connected to a host and a packet communications network. The network interface controller includes electrical circuitry configured as a packet processing pipeline with a plurality of stages. It is determined in the network interface controller that at least a portion of the stages of the pipeline are acceleration-defined stages. Packets are processed in the pipeline by transmitting data to an accelerator from the acceleration-defined stages, performing respective acceleration tasks on the transmitted data in the accelerator, and returning processed data from the accelerator to receiving stages of the pipeline.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.

Abstract: A processor is configured to receive, from a client, a first message indicating a request to establish a connection between the client and a server, to ascertain that the first message does not include any cookie satisfying one or more criteria, to send, to the client, a second message that includes a first cookie, without allocating an endpoint on the server for the connection, in response to ascertaining that the first message does not include any cookie satisfying the criteria, to receive subsequently, from the client, a third message, to ascertain that the third message includes a second cookie, and that the second cookie satisfies the criteria, to allocate the endpoint for the connection in response to ascertaining that the second cookie satisfies the criteria, and to send, to the client, a fourth message indicating that the server is ready to receive data communication at the allocated endpoint.

Abstract: A network adapter includes one or more network ports, multiple bus interfaces, and a processor. The one or more network ports are configured to communicate with a communication network. The multiple bus interfaces are configured to communicate with multiple respective Central Processing Units (CPUs) that belong to a multi-CPU device. The processor is configured to support an Option-ROM functionality, in which the network adapter holds Option-ROM program instructions that are loadable and executable by the multi-CPU device during a boot process, and, in response to a request from the multi-CPU device to report the support of the Option-ROM functionality, to report the support of the Option-ROM functionality over only a single bus interface, selected from among the multiple bus interfaces connecting the network adapter to the multi-CPU device.

Abstract: A processor is configured to receive, from a client, a first message indicating a request to establish a connection between the client and a server, to ascertain that the first message does not include any cookie satisfying one or more criteria, to send, to the client, a second message that includes a first cookie, without allocating an endpoint on the server for the connection, in response to ascertaining that the first message does not include any cookie satisfying the criteria, to receive subsequently, from the client, a third message, to ascertain that the third message includes a second cookie, and that the second cookie satisfies the criteria, to allocate the endpoint for the connection in response to ascertaining that the second cookie satisfies the criteria, and to send, to the client, a fourth message indicating that the server is ready to receive data communication at the allocated endpoint.

Abstract: A Network Interface Controller (NIC) includes a network interface, a peer interface and steering logic. The network interface is configured to receive incoming packets from a communication network. The peer interface is configured to communicate with a peer NIC not via the communication network. The steering logic is configured to classify the packets received over the network interface into first incoming packets that are destined to a local Central Processing Unit (CPU) served by the NIC, and second incoming packets that are destined to a remote CPU served by the peer NIC, to forward the first incoming packets to the local CPU, and to forward the second incoming packets to the peer NIC over the peer interface not via the communication network.

Abstract: Peripheral apparatus for use with a host computer includes an add-on device, which includes a first network port coupled to one end of a packet communication link and add-on logic, which is configured to receive and transmit packets containing data over the packet communication link and to perform computational operations on the data. A network interface controller (NIC) includes a host bus interface, configured for connection to the host bus of the host computer and a second network port, coupled to the other end of the packet communication link. Packet processing logic in the NIC is coupled between the host bus interface and the second network port, and is configured to translate between the packets transmitted and received over the packet communication link and transactions executed on the host bus so as to provide access between the add-on device and the resources of the host computer.