Patents by Inventor Mesut A. Ergin
Mesut A. Ergin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11943340Abstract: In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address is managed by the virtual channel and is not visible to virtual machine or hypervisor.Type: GrantFiled: April 19, 2019Date of Patent: March 26, 2024Assignee: Intel CorporationInventors: Bo Cui, Cunming Liang, Jr-Shian Tsai, Ping Yu, Xiaobing Qian, Xuekun Hu, Lin Luo, Shravan Nagraj, Xiaowen Zhang, Mesut A. Ergin, Tsung-Yuan C. Tai, Andrew J. Herdrich
-
Patent number: 11831663Abstract: Methods and apparatus for secure networking protocol optimization via NIC hardware offloading. Under a method, security offload entries are cached in a flow table or a security database offload table on a network interface coupled to a host that implements a host security database mapping flows to Security Association (SA) contexts. Each security offload entry includes information identify a flow and information, such as an offset value, to locate a corresponding entry for the flow in the host security database. Hardware descriptors for received packets that belong to flows with matching security offload entries are generated and marked with the information used to locate the corresponding entries in the host security database. The hardware descriptors are processed by software on the host and the location information is used to de-reference the location of applicable entries in the host security database.Type: GrantFiled: October 10, 2019Date of Patent: November 28, 2023Assignee: Intel CorporationInventors: Mesut Ergin, Ping Yu, Declan Doherty, Yuwei Zhang
-
Publication number: 20230109637Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.Type: ApplicationFiled: August 29, 2022Publication date: April 6, 2023Inventors: Barry E. Huntley, Jr-Shian Tsai, Gilbert Neiger, Rajesh M. Sankaran, Mesut A. Ergin, Ravi L. Sahita, Andrew J. Herdrich, Wei Wang
-
Patent number: 11513957Abstract: Methods and apparatus implementing Hardware/Software co-optimization to improve performance and energy for inter-VM communication for NFVs and other producer-consumer workloads. The apparatus include multi-core processors with multi-level cache hierarchies including and L1 and L2 cache for each core and a shared last-level cache (LLC). One or more machine-level instructions are provided for proactively demoting cachelines from lower cache levels to higher cache levels, including demoting cachelines from L1/L2 caches to an LLC. Techniques are also provided for implementing hardware/software co-optimization in multi-socket NUMA architecture system, wherein cachelines may be selectively demoted and pushed to an LLC in a remote socket. In addition, techniques are disclosure for implementing early snooping in multi-socket systems to reduce latency when accessing cachelines on remote sockets.Type: GrantFiled: September 21, 2020Date of Patent: November 29, 2022Assignee: Intel CorporationInventors: Ren Wang, Andrew J. Herdrich, Yen-cheng Liu, Herbert H. Hum, Jong Soo Park, Christopher J. Hughes, Namakkal N. Venkatesan, Adrian C. Moga, Aamer Jaleel, Zeshan A. Chishti, Mesut A. Ergin, Jr-shian Tsai, Alexander W. Min, Tsung-yuan C. Tai, Christian Maciocco, Rajesh Sankaran
-
Patent number: 11442760Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.Type: GrantFiled: July 1, 2016Date of Patent: September 13, 2022Assignee: Intel CorporationInventors: Barry E. Huntley, Jr-Shian Tsai, Gilbert Neiger, Rajesh M. Sankaran, Mesut A. Ergin, Ravi L. Sahita, Andrew J. Herdrich, Wei Wang
-
Patent number: 11412059Abstract: Technologies for managing paravirtual network device queue and memory of a network computing device that includes multi-core processor, a multi-layer cache, a host, and a plurality of virtual machine instances. The host is assigned a processor core of the processor and may be configured to copy a received network packet to a last level cache of the multi-layer cache and determine one or more virtual machine instances configured to process the received network packet. Each virtual machine instance has been assigned a processor core of the processor and has been allocated a first level cache of the multi-level cache memory associated with the respective processor core. The host is additionally configured to inject an interrupt into each processor core of the determined virtual machine (s) which indicates to the virtual machine instance (s) that the received network packet is available to be processed.Type: GrantFiled: September 30, 2016Date of Patent: August 9, 2022Assignee: INTEL CORPORATIONInventors: Huawei Xie, Jun Nakajima, David E. Cohen, Mesut A. Ergin, Wei Wang
-
Publication number: 20220150055Abstract: In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address is managed by the virtual channel and is not visible to virtual machine or hypervisor.Type: ApplicationFiled: April 19, 2019Publication date: May 12, 2022Inventors: Bo CUI, Cunming LIANG, Jr-Shian TSAI, Ping YU, Xiaobing QIAN, Xuekun HU, Lin LUO, Shravan NAGRAJ, Xiaowen ZHANG, Mesut A. ERGIN, Tsung-Yuan C. TAI, Andrew J. HERDRICH
-
Publication number: 20210203740Abstract: Technologies for managing paravirtual network device queue and memory of a network computing device that includes multi-core processor, a multi-layer cache, a host, and a plurality of virtual machine instances. The host is assigned a processor core of the processor and may be configured to copy a received network packet to a last level cache of the multi-layer cache and determine one or more virtual machine instances configured to process the received network packet. Each virtual machine instance has been assigned a processor core of the processor and has been allocated a first level cache of the multi-level cache memory associated with the respective processor core. The host is additionally configured to inject an interrupt into each processor core of the determined virtual machine (s) which indicates to the virtual machine instance (s) that the received network packet is available to be processed.Type: ApplicationFiled: September 30, 2016Publication date: July 1, 2021Inventors: Huawei XIE, Jun NAKAJIMA, David E. COHEN, Mesut A. ERGIN, Wei WANG
-
Publication number: 20210004328Abstract: Methods and apparatus implementing Hardware/Software co-optimization to improve performance and energy for inter-VM communication for NFVs and other producer-consumer workloads. The apparatus include multi-core processors with multi-level cache hierarchies including and L1 and L2 cache for each core and a shared last-level cache (LLC). One or more machine-level instructions are provided for proactively demoting cachelines from lower cache levels to higher cache levels, including demoting cachelines from L1/L2 caches to an LLC. Techniques are also provided for implementing hardware/software co-optimization in multi-socket NUMA architecture system, wherein cachelines may be selectively demoted and pushed to an LLC in a remote socket. In addition, techniques are disclosure for implementing early snooping in multi-socket systems to reduce latency when accessing cachelines on remote sockets.Type: ApplicationFiled: September 21, 2020Publication date: January 7, 2021Inventors: Ren Wang, Andrew J. Herdrich, Yen-cheng Liu, Herbert H. Hum, Jong Soo Park, Christopher J. Hughes, Namakkal N. Venkatesan, Adrian C. Moga, Aamer Jaleel, Zeshan A. Chishti, Mesut A. Ergin, Jr-shian Tsai, Alexander W. Min, Tsung-yuan C. Tai, Christian Maciocco, Rajesh Sankaran
-
Patent number: 10817425Abstract: Methods and apparatus implementing Hardware/Software co-optimization to improve performance and energy for inter-VM communication for NFVs and other producer-consumer workloads. The apparatus include multi-core processors with multi-level cache hierarchies including and L1 and L2 cache for each core and a shared last-level cache (LLC). One or more machine-level instructions are provided for proactively demoting cachelines from lower cache levels to higher cache levels, including demoting cachelines from L1/L2 caches to an LLC. Techniques are also provided for implementing hardware/software co-optimization in multi-socket NUMA architecture system, wherein cachelines may be selectively demoted and pushed to an LLC in a remote socket. In addition, techniques are disclosure for implementing early snooping in multi-socket systems to reduce latency when accessing cachelines on remote sockets.Type: GrantFiled: December 26, 2014Date of Patent: October 27, 2020Assignee: Intel CorporationInventors: Ren Wang, Andrew J. Herdrich, Yen-cheng Liu, Herbert H. Hum, Jong Soo Park, Christopher J. Hughes, Namakkal N. Venkatesan, Adrian C. Moga, Aamer Jaleel, Zeshan A. Chishti, Mesut A. Ergin, Jr-shian Tsai, Alexander W. Min, Tsung-yuan C. Tai, Christian Maciocco, Rajesh Sankaran
-
Patent number: 10713195Abstract: Embodiments of an invention interrupts between virtual machines are disclosed. In an embodiment, a processor includes an instruction unit and an execution unit, both implemented at least partially in hardware of the processor. The instruction unit is to receive an instruction to send an interrupt to a target virtual machine. The execution unit is to execute the instruction on a sending virtual machine without exiting the sending virtual machine. Execution of the instruction includes using a handle specified by the instruction to find a posted interrupt descriptor.Type: GrantFiled: January 15, 2016Date of Patent: July 14, 2020Assignee: Intel CorporationInventors: Jr-Shian Tsai, Ravi L Sahita, Mesut A Ergin, Rajesh M Sankaran, Gilbert Neiger, Jun Nakajima, Edwin Verplanke, Barry E Huntley, Tsung-Yuan C Tai
-
Publication number: 20200059485Abstract: Methods and apparatus for secure networking protocol optimization via NIC hardware offloading. Under a method, security offload entries are cached in a flow table or a security database offload table on a network interface coupled to a host that implements a host security database mapping flows to Security Association (SA) contexts. Each security offload entry includes information identify a flow and information, such as an offset value, to locate a corresponding entry for the flow in the host security database. Hardware descriptors for received packets that belong to flows with matching security offload entries are generated and marked with the information used to locate the corresponding entries in the host security database. The hardware descriptors are processed by software on the host and the location information is used to de-reference the location of applicable entries in the host security database.Type: ApplicationFiled: October 10, 2019Publication date: February 20, 2020Inventors: Mesut Ergin, Ping Yu, Declan Doherty, Yuwei Zhang
-
Patent number: 10567510Abstract: Various embodiments are generally directed to techniques for improving the efficiency of exchanging packets between pairs of VMs within a communications server. An apparatus may include a processor component; a network interface to couple the processor component to a network; a virtual switch to analyze contents of at least one packet of a set of packets to be exchanged between endpoint devices through the network and the communications server, and to route the set of packets through one or more virtual servers of multiple virtual servers based on the contents; and a transfer component of a first virtual server of the multiple virtual servers to determine whether to route the set of packets to the virtual switch or to transfer the set of packets to a second virtual server of the multiple virtual servers in a manner that bypasses the virtual switch based on a routing rule.Type: GrantFiled: October 2, 2017Date of Patent: February 18, 2020Assignee: INTEL CORPORATIONInventors: Mesut A. Ergin, Jr-Shian Tsai, Janet Tseng, Ren Wang, Jun Nakajima, Tsung-Yuan Tai
-
Patent number: 10469451Abstract: Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.Type: GrantFiled: December 31, 2016Date of Patent: November 5, 2019Assignee: Intel CorporationInventors: Kapil Sood, Mesut A. Ergin, John R. Fastabend, Shinae Woo, Jeffrey B. Shaw, Brian J. Skerry
-
Patent number: 10356012Abstract: Various embodiments are generally directed to techniques for improving the efficiency of exchanging packets among multiple VMs within a communications server, and between the communications server and other devices in a communications system. An apparatus may include a virtual switch to analyze contents of at least one packet of a set of packets to be exchanged between endpoint devices through a network, and to correlate the contents to a pathway to extend through one or more of the VMs that are each configured as virtual servers of multiple virtual servers; and an interface control component to select at least one virtual network interface of each of the one or more virtual servers along the pathway to operate in a polling mode, and to select a virtual network interface of at least one virtual server of the multiple virtual servers not along the pathway to operate in a non-polling mode.Type: GrantFiled: August 20, 2015Date of Patent: July 16, 2019Assignee: INTEL CORPORATIONInventors: Alexander W. Min, Tsung-Yuan Tai, Ren Wang, Mesut A. Ergin, Jr-Shian Tsai
-
Patent number: 10331492Abstract: Examples may include techniques to coordinate the sharing of resources among virtual elements, including service chains, supported by a shared pool of configurable computing resources based on relative priority among the virtual element and service chains. Information including indications of the performance of the service chains and also the relative priority of the service chains may be received. The resource allocation of portions of the shared pool of configurable computing resources supporting the service chains can be adjusted based on the received performance and priority information.Type: GrantFiled: August 14, 2017Date of Patent: June 25, 2019Assignee: INTEL CORPORATIONInventors: Andrew J. Herdrich, Kapil Sood, Nrupal R. Jani, David J. Harriman, Mesut A. Ergin, Scott P. Dubal, Ravishankar Iyer
-
Patent number: 10133336Abstract: Systems and methods may provide for identifying runtime information associated with an active workload of a platform, and making an active idle state determination for the platform based on at least in part the runtime information. In addition, a low power state of a shared resource on the platform may be controlled concurrently with an execution of the active workload based on at least in part the active idle state determination.Type: GrantFiled: November 27, 2012Date of Patent: November 20, 2018Assignee: Intel CorporationInventors: Ren Wang, Tsung-Yuan C. Tai, Jr-Shian Tsai, Bruce L. Fleming, Rajeev D. Muralidhar, Mesut A. Ergin, Prakash N. Iyer, Harinarayanan Seshadri
-
Publication number: 20180270309Abstract: Various embodiments are generally directed to techniques for improving the efficiency of exchanging packets between pairs of VMs within a communications server. An apparatus may include a processor component; a network interface to couple the processor component to a network; a virtual switch to analyze contents of at least one packet of a set of packets to be exchanged between endpoint devices through the network and the communications server, and to route the set of packets through one or more virtual servers of multiple virtual servers based on the contents; and a transfer component of a first virtual server of the multiple virtual servers to determine whether to route the set of packets to the virtual switch or to transfer the set of packets to a second virtual server of the multiple virtual servers in a manner that bypasses the virtual switch based on a routing rule.Type: ApplicationFiled: October 2, 2017Publication date: September 20, 2018Applicant: INTEL CORPORATIONInventors: MESUT A. ERGIN, JR-SHIAN TSAI, JANET TSENG, REN WANG, JUN NAKAJIMA, TSUNG-YUAN TAI
-
Publication number: 20180060136Abstract: Examples may include techniques to coordinate the sharing of resources among virtual elements, including service chains, supported by a shared pool of configurable computing resources based on relative priority among the virtual element and service chains. Information including indications of the performance of the service chains and also the relative priority of the service chains may be received. The resource allocation of portions of the shared pool of configurable computing resources supporting the service chains can be adjusted based on the received performance and priority information.Type: ApplicationFiled: August 14, 2017Publication date: March 1, 2018Applicant: INTEL CORPORATIONInventors: ANDREW J. HERDRICH, KAPIL SOOD, NRUPAL R. JANI, DAVID J. HARRIMAN, MESUT A. ERGIN, SCOTT P. DUBAL, RAVISHANKAR IYER
-
Publication number: 20180004562Abstract: A processor of an aspect includes a decode unit to decode an aperture access instruction, and an execution unit coupled with the decode unit. The execution unit, in response to the aperture access instruction, is to read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure, and access data within the aperture at a host physical memory address that is not to be obtained through address translation. Other processors are also disclosed, as are methods, systems, and machine-readable medium storing aperture access instructions.Type: ApplicationFiled: July 1, 2016Publication date: January 4, 2018Applicant: Intel CorporationInventors: Barry E. Huntley, Jr-Shian Tsai, Gilbert Neiger, Rajesh M. Sankaran, Mesut A. Ergin, Ravi L. Sahita, Andrew J. Herdrich, Wei Wang