Abstract: Methods and systems for autonomous rule-based task coordination amongst edge devices are disclosed. Embodiments of the present technology may include a method for processing packet traffic at an edge device, the method including determining a side of a communication that corresponds to an edge device with regard to packet traffic. Embodiments may also include applying a task distribution rule to the packet traffic using the determined side of the communication that corresponds to the edge device to determine if a particular task related to the packet traffic should be executed at the edge device. In some embodiments, the task distribution rule is configured to ensure that the particular task is executed at only one side of the communication.

Abstract: Data centers often run long lived services such as web servers that are intended to run for hours, days, or even longer before being torn down and replaced with another instance of the long-lived service. Currently, many applications are being implemented with microservice architectures that run short lived services that start up, implement an operation, and are then torn down. An aspect of starting up a service is creating administrative data structures such as InfiniBand queue pairs. A packet processing pipeline having a DMA output stage can be configured to create the administrative data structures, thereby increasing the rate at which the administrative data structures are created. As a result, services running in data centers can be started up more rapidly and efficiently.

Abstract: Network appliances can use packet processing pipeline circuits to implement network rules for processing network packet flows by configuring the pipeline's processing stages to execute specific policies for specific network packets in accordance with the network rules. Trace reports that indicate network rules implemented at specific processing stages can be more informative than those indicating policies implemented by the processing stages. A method implemented by a network appliance can store network rules for processing network flows by the processing stages of a packet processing pipeline circuit. The method can produce a trace report in response to receiving a trace directive for one of the network flows wherein one of the processing stages has applied a network rule to a network packet in one of the network flows. The trace report can indicate the network rule in association with the processing stage and the network flow.

Abstract: A network appliance can have an input port that can receive network packets at line rate, two or more ingress queues, a line rate classification circuit that can place the network packets on the ingress queues at the line rate, a packet buffer that can store the network packets, and a sub line rate packet processing circuit that can process the network packets that are stored in the packet buffer. The line rate classification circuit can place a network packet on one of the ingress queues based on the network packet's packet contents. A buffer scheduler can select network packets for processing by a sub line rate packet processing circuit based on the priority levels of the ingress queues.

Abstract: A network appliance can be configured for storing a plurality of flow table entries in a flow table of a match-action pipeline, wherein the match-action pipeline is implemented via a packet processing circuit configured to process a plurality of network traffic flows associated with the plurality of flow table entries. An extended packet processing pipeline of the network appliance can read a flow table entry of the flow table. The extended packet processing pipeline can be implemented via a pipeline circuit. The extended packet processing pipeline can determine that a network traffic flow associated with the flow table entry is expired or terminated. The network appliance can delete the flow table entry from the flow table by processing a traffic flow deletion operation after determining that the network traffic flow is expired or terminated.

Abstract: Methods and system for directing traffic flows to a fast data path or a slow data path are disclosed. Parsers can produce packet header vectors (PHVs) for use in match-action units. The PHVs are also used to generate feature vectors for the traffic flows. A flow training engine produces a classification model. Feature vectors input to the classification model result in output predictions predicting if a traffic flow will be long lived or short lived. The classification models are used by network appliances to install traffic flows into fast data paths or the slow data paths based on the predictions.

Abstract: InfiniBand transport protocol today supports RDMA operations such as read and write with each operation having an opcode defined in the InfiniBand standard. Currently, new RDMA operations require extending the transport protocol by defining a new opcode, its respective header and enhancing InfiniBand implementations to support this new behavior. A more robust way of extending RDMA without requiring an expanding set of opcodes is to register computer code by associating it with a code key similar to a memory key. An InfiniBand channel adapter receiving an RDMA request that includes a code key executes the associated computer code, perhaps compiling it first, in response to receiving the RDMA request. The RDMA response returned to the requester includes an execution result indicating an outcome of executing the executable computer code.

Abstract: The InfiniBand transport protocol supports the concept of a SRQ (shared receive queue) by which multiple QPs (queue pairs) can share the same receive queue resources. According to the InfiniBand Specification, when a SRQ is enabled, flow control needs to be disabled. The lack of flow control mechanism results in there being no fairness guarantees across multiple requesters. Fairness across requesters can be obtained by implementing a SRQ configured to receive request messages from requesters initiating transactions that consume WQEs (work queue elements) of the SRQ, monitoring consumption of the WQEs by the requesters, determining that a requester has a WQE consumption exceeding a policing threshold, and in response to determining that the WQE consumption of the requester exceeds the policing threshold, sending a response message to the requester that results in reducing the WQE consumption of the requester.

Abstract: Methods and systems for distributing instructions amongst processing units in a processing pipeline are disclosed. A method includes compiling a set of instructions for a stage of a multistage programmable processing pipeline in which the stage of the multistage programmable processing pipeline includes multiple processing units configured to processes instructions in parallel, wherein compiling the set of instructions includes, identifying first and second subsets of instructions within the set of instructions that can be executed independent of each other, assigning the first subset of instructions to a first processing unit of the stage, assigning the second subset of instructions to a second processing unit of the stage, and executing the first and second subsets of instructions in parallel at the first and second processing units, respectively.

Abstract: Methods and systems for implementing communications between a Management Controller (MC) and a Network Controller (NC) are disclosed. Embodiments of the present technology may include a method for implementing communications between an MC and an NC that involves establishing Internet Protocol (IP) connectivity between the MC and the NC using Network Controller Sideband Interface (NC-SI) control packets and communicating between the MC and the NC via an NC-SI and the established IP connectivity.

Abstract: Described are platforms, systems, and methods for actuating transmission control protocol/Internet protocol (TCP/IP) through a method comprises: identifying a computer workload during a handshake process for establishing a network connection with a remote host; configuring, based on the computer workload, one or more TCP/IP parameters of the network connection; and completing the handshake process to establish the network connection with the remote host.

Abstract: Described are platforms, systems, and methods for processing a chain of operations through an input output (IO) subsystem without central processing unit (CPU) involvement. In one aspect, a computer-implemented method comprises: providing, via the CPU, the chain of operations to the IO subsystem, wherein the IO subsystem is coupled to the one or more processors over Peripheral Component Interconnect Express (PCIe); processing, with the IO subsystem, the chain of operations by: retrieving, from a memory, data associated with the chain of operations; executing each of the operations in the chain to determine an output based on the data and output determined for any prior executed operation in the chain; and providing the output of each the executed operations for execution of the respective next operation in the chain; and providing, via the IO subsystem, an output for the chain of operations to the CPU.

Abstract: Described are platforms, systems, and methods for providing an in-line, transparent Transmission Control Protocol (TCP)/Transport Layer Security (TLS) proxy. In one aspect, a programmable input output (IO) device comprises at least one advanced reduced instruction set computer (RISC) machine (ARM) core communicably coupled to at least one central processing unit (CPU) core of a host device; a programmable P4 pipeline comprising a cryptographic offload subsystem; and a memory unit. The programmable IO device executing instruction stored on the memory unit comprising: establishing a session for an incoming TCP connection received from a remote host via the at least one ARM core; processing data packets received from the remote host via the programmable P4 pipeline; decrypting the received data packets via the cryptographic offload subsystem; and providing the decrypted data packets to the host device.

Abstract: Methods and apparatuses for a programmable IO device interface are provided. The apparatus may comprise: a first memory unit having a plurality of programs stored thereon, the plurality of programs are associated with a plurality of actions comprising updating memory based data structure, inserting a DMA command or initiating an event; a second memory unit for receiving and storing a table result, and the table result is provided by a table engine configured to perform packet match operations on (i) a packet header vector contained in a header portion and (ii) data stored in a programmable match table; and circuitry for executing a program selected from the plurality of programs in response to the table result and an address received by the apparatus, and the program is executed until completion and the program is associated with the programmable match table.

Abstract: Described are programmable IO devices configured to perform operations. These operations comprise: determining a set of range-based elements for a network; sorting the set of range-based elements according to a global order among the range-based elements; generating an interval table from the sorted range-based elements; generating an interval binary search tree from the interval table; propagating data stored in subtrees of interior stages of the interval binary search tree to subtrees of a last stage of the interval binary search tree such that the interior stages do not comprise data; converting the interval binary search tree to a Pensando Tree; compressing multiple levels of the Pensando Tree into cache-lines; and assembling the cache-lines in the memory unit such that each stage can compute an address of a next-cache line to be fetched by a next stage.

Abstract: A method for managing network congestion is provided. The method comprises: receiving, at a receiver, a packet comprising a timestamp provided by a first clock of a sender; deriving, by the receiver, a latency value based at least in part on the timestamp provided by the first clock and a receipt time provided by a second clock of the receiver; determining a latency change by comparing the latency value with a previous latency value; and determining a state of network congestion based at least in part on the latency change.

Abstract: This disclosure provides methods and systems for reducing congestion in RoCEv2 networks. The method is configured to operate large-scale in data centers on traffic flowing from a sender node to a receiver node. The method described has three stages: a fast start stage, a transition stage, and a regulation stage. In the fast start stage, the sender sends data to the receiver at a fast initial rate. This may continue until the receiver observes a congestion event. When this happens, the sender reduces the data transfer rate as the method enters the transition stage. From a reduced rate, the method enters the regulation stage, where the rate is increased using a combination of a feedback control loop and an additive increase multiplicative decrease (AIMD) algorithm.

Abstract: Described are platforms, systems, and methods for upgrading firmware on a programmable input output (IO) device. In one aspect, a method executed by the programmable IO device comprises: receiving, from a north-bound entity, a request to upgrade firmware installed on at least one CPU core; disabling flow-miss traffic to the at least one CPU core; redirecting the flow-miss traffic to an off-box service; providing a configuration for the programmable IO device to the off-box service; redirecting traffic to the off-box service; upgrading the firmware installed on the at least one CPU core; upgrading at least one program running in the data plane; reprograming a forwarding state provided by the off-box service; disabling the redirection of the traffic to the off-box service; and providing, to the north-bound entity, a notification indicating a completion of the upgrade.

Abstract: Described are platforms, systems, and methods for performing queue scheduling tasks on data packet flows. In one aspect, a method comprises: retrieving a plurality of packet flows from a network stack; reconfiguring the retrieved packet flows into per-flow queues; and performing one or more queue scheduling tasks on the per-flow queues.

Abstract: Methods and systems for exporting network information from an exporter to a collector are disclosed. Embodiments of the present technology may include updating a non-key field of a flow entry in a flow cache that corresponds to a flow, setting a field in a context-bitmap of the flow entry in response to updating the non-key field of the flow entry, identifying an export policy using the context-bitmap, and exporting information related to the flow to a collector according to the export policy.