Abstract: Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

Abstract: Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set.

Abstract: A mechanism is provided for sharing a communication used by a parser (parser path) in a network adapter of a network processor for sending requests for a process to be executed by an external coprocessor. The parser path is shared by processors of the network processor (software path) to send requests to the external processor. The mechanism uses for the software path a request mailbox comprising a control address and a data field accessed by MMIO for sending two types of messages, one message type to read or write resources and one message type to trigger an external process in the coprocessor and a response mailbox for receiving response from the external coprocessor comprising a data field and a flag field. The other processors of the network poll the flag until set and get the coprocessor result in the data field.

Abstract: A network packet includes a packet key that includes one or more source-destination field pairs. Each source-destination field pair that is included in the one or more source-destination field pairs includes a source field and a destination field. For each selected source-destination field pair, included in the one or more source-destination field pairs, a first section and a second section are selected in the packet key. A source field value is extracted from the source field and a destination field value is extracted from the destination field of the selected source-destination field pair.

Abstract: A mechanism is provided for merging in a network processor results from a parser and results from an external coprocessor providing processing support requested by said parser. The mechanism enqueues in a result queue both parser results needing to be merged with a coprocessor result and parser results which have no need to be merged with a coprocessor result. An additional queue is used to enqueue the addresses of the result queue where the parser results are stored. The result from the coprocessor is received in a simple response register. The coprocessor result is read by the result queue management logic from the response register and merged to the corresponding incomplete parser result read in the result queue at the address enqueued in the additional queue.

Abstract: A method, a system, and a computer program product is disclosed for identifying a quality of service (QoS) classification of a packet in a network by a network processor. The method comprising: providing a table wherein a priority value with a maximum of N values is used as an index into the table to retrieve a QoS classification having a maximum of M values with M less than N; receiving a data packet in a stream of data packets; extracting at least two priority indicator values from the packet; converting the at least two priority indicator values into a priority value; utilizing the priority value as an index into the table; extracting the entry in the table corresponding to the priority value as the QoS classification of the packet; and utilizing the QoS classification for subsequent processing of the data packet.

Abstract: Apparatuses and methods to manage a global forwarding table in a distributed switch are provided. A particular method may include managing a global forwarding table in a distributed switch. The distributed switch may include a plurality of switch forwarding units. The method may start a timer for an entry in the global forwarding table, and the entry may include a multicast destination address and corresponding multicast membership information. The method may also, in response to expiration of the timer of the entry, check at least one hit status to determine whether at least one switch forwarding unit of the plurality of switch forwarding units has forwarded multicast data to the corresponding multicast membership information of the multicast destination address of the entry. The method may further determine whether the entry is a cast-out candidate based on the hit status.

Abstract: A mechanism is provided for merging in a network processor results from a parser and results from an external coprocessor providing processing support requested by said parser. The mechanism enqueues in a result queue both parser results needing to be merged with a coprocessor result and parser results which have no need to be merged with a coprocessor result. An additional queue is used to enqueue the addresses of the result queue where the parser results are stored. The result from the coprocessor is received in a simple response register. The coprocessor result is read by the result queue management logic from the response register and merged to the corresponding incomplete parser result read in the result queue at the address enqueued in the additional queue.

Abstract: Apparatuses and methods to request multicast membership information in a distributed switch are provided. A particular method may include requesting multicast membership information of a group identified by a multicast destination address in a distributed switch. The distributed switch may include a plurality of distributed switch elements with a plurality of switch forwarding units. The method may generate a miss event indicating that the multicast destination address is unregistered in a switch forwarding unit of a distributed switch element and there is a need for the multicast membership information. The method may also request the multicast membership information of the multicast destination address in response to the miss event. The method may further initiate a query for the multicast membership information of the multicast destination address in response to the request.

Abstract: Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet.

Abstract: Link aggregation is a practice that uses multiple Ethernet links between two end points in order to obtain higher bandwidth and resiliency than possible with a single link. A flow distribution technique is provided to distribute traffic between the two end points equally across all links in the group and achieve greater efficiency. The flow distribution technique generates and sub-divides a hash value based on received packet flow. The divided portions of the hash value are used in a hierarchical fashion to select a link to use for this packet.

Abstract: Disclosed is a method and system for validating a data packet by a network processor supporting a first network protocol and a second network protocol and utilizing shared hardware. The network processor receives a data packet; identifies a network packet protocol for the data packet; and processes the data packet according to the network packet protocol comprising: updating a first register with a first partial packet length specific to the first network protocol; updating a second register with a second partial packet length specific to the second network protocol; and updating a third register with a first checksum computed from fields independent of the network protocol. The system produces a second checksum utilizing a function that combines values from the first register, the second register, and the third register. The system validates the data packet by comparing the data packet checksum to the second checksum.

Abstract: Disclosed is a method for validating a data packet by a network processor supporting a first-network protocol and a second network protocol and utilizing shared hardware. The network processor receives a data packet; identifies a network packet protocol for the data packet; and processes the data packet according to the network packet protocol comprising: updating a first register with a first partial packet length specific to the first network protocol; updating a second register with a second partial packet length specific to the second network protocol; and updating a third register with a first checksum computed from fields independent of the network protocol. The method produces a second checksum utilizing a function that combines values from the first register, the second register, and the third register. The method validates the data packet by comparing the data packet checksum to the second checksum.

Abstract: Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied.

Abstract: Access control lists (ACLs) include one or more rules that each define a condition and one or more actions to be performed if the condition is satisfied. In one embodiment, the conditions are stored on a ternary content-addressable memory (TCAM), which receives a portion of network traffic, such as a frame header, and compares different portions of the header to entries in the TCAM. If the frame header satisfies the condition, the TCAM reports the match to other elements in the ACL. For certain conditions, the TCAM may divide the condition into a plurality of sub-conditions which are each stored in a row of the TCAM. To efficiently use the limited space in TCAM, the networking element may include one or more comparator units which check for special-case conditions. The comparator units may be used in lieu of the TCAM to determine whether the condition is satisfied.

Abstract: Access control lists (ACLs) permit network administrators to manage network traffic flowing through a networking element to optimize network security, performance, quality of service (QoS), and the like. If a networking element has multiple ACLs directed towards different types of network optimization, each ACL may return a separate action set that identifies one or more actions the networking element should perform based on a received frame. In some cases, these action sets may conflict. To resolve the conflicts, a networking element may include resolution logic that selects one of the conflicting actions based on a predefined precedence value assigned to each action in an action set. By comparing the different precedence values, the resolution logic generates a new action set based on the actions with the highest precedence value.

Abstract: According to embodiments of the invention, there is provided a method for operating a network processor. The network processor receiving a first data packet in a stream of data packets and a set of receive-queues adapted to store receive data packets. The network processor processing the first data packet by reading a flow identification in the first data packet; determining a quality of service for the first data packet; mapping the flow identification and the quality of service into an index for selecting a first receive-queue for routing the first data packet; and utilizing the index to route the first data packet to the first receive-queue.

Abstract: A network packet includes a packet key that includes one or more source-destination field pairs. Each source-destination field pair that is included in the one or more source-destination field pairs includes a source field and a destination field. For each selected source-destination field pair, included in the one or more source-destination field pairs, a first section and a second section are selected in the packet key. A source field value is extracted from the source field and a destination field value is extracted from the destination field of the selected source-destination field pair.

Abstract: A network packet includes a packet key that includes one or more source-destination field pairs that each include a source field and a destination field. For each selected source-destination field pair, first and second sections are selected in the packet key. A source field value is extracted from the source field and a destination field value is extracted from the destination field. For each source bit of the source field value: a destination bit is selected from the destination field; an OR logic function is applied to the source bit and the destination bit to generate a first resulting value is stored at the same bit position as the source bit in the first section; an AND logic function is applied to the source bit and the destination bit to generate a second resulting value stored at the same bit position as the source bit in the second section.

Abstract: A network processor includes first communication protocol ports that each support ‘M’ minimum size packet data path traffic on ‘N’ lanes at ‘S’ Gigabits per second (Gbps) and traffic with different communication protocol units on ‘n’ additional lanes at ‘s’ Gbps. The first communication protocol ports support access to an external coprocessor using parsing logic located in each of the first communication protocol ports. The parsing logic, during a parsing period, is configured to send a request to the external coprocessor at reception of a ‘M’ size packet and to receive a response from the external coprocessor. The parsing logic sends a request maximum ‘m’ size byte word to the external coprocessor on one of the additional lanes and receives a response maximum ‘m’ size byte word from the external coprocessor on the one of the additional lanes while complying with the equation N×S/M=<n×s/m.