Abstract: A method for communication includes mapping transport sequence numbers in headers of data packets received from a network to respective buffers in a memory of a host computer. At least a part of the data from payloads of the received data packets is written directly to the respective buffers.

Abstract: A network device includes a hardware pipeline to process a network packet to be encrypted. A portion of the hardware pipeline retrieves information from the network packet and generates a command based on the information. A block cipher circuit is coupled inline within the hardware pipeline. The hardware pipeline includes hardware engines coupled between the portion of the hardware pipeline and the block cipher circuit. The hardware engines parse and execute the command to determine a set of inputs and input the set of inputs and portions of the network packet to the block cipher circuit. The block cipher circuit encrypts a payload data of the network packet based on the set of inputs.

Abstract: A peripheral device includes a host interface and processing circuitry. The host interface is to communicate with one or more hosts over a peripheral bus. The processing circuitry is to expose on the peripheral bus a peripheral-bus device that communicates with the one or more hosts using one or more instances of at least one bus storage protocol, to receive, using the exposed peripheral-bus device, Input/Output (I/O) transactions that are issued by the one or more hosts, and to complete the I/O transactions for the one or more hosts in accordance with one or more instances of at least one network storage protocol, by running at least part of a host-side protocol stack of the at least one network storage protocol.

Abstract: A method for communication includes provisioning each node in a network with a respective set of two or more network addresses. Each node in succession is assigned a respective network address from the respective provisioned set that has not been assigned for use by any preceding node. Upon finding for a given node that all the network addresses in the respective provisioned set were assigned to preceding nodes, the preceding nodes are searched to identify a candidate node having an additional network address in the respective provisioned set, other than the assigned respective network address, that was not yet assigned to any of the nodes. The additional network address is assigned to the candidate node instead of the respective network address that was previously assigned to the candidate node, and the assigning of the network addresses to the nodes in the succession resumes following the candidate node.

Abstract: A method for communication includes provisioning each node in a network with a respective set of two or more network addresses. Each node in succession is assigned a respective network address from the respective provisioned set that has not been assigned for use by any preceding node. Upon finding for a given node that all the network addresses in the respective provisioned set were assigned to preceding nodes, the preceding nodes are searched to identify a candidate node having an additional network address in the respective provisioned set, other than the assigned respective network address, that was not yet assigned to any of the nodes. The additional network address is assigned to the candidate node instead of the respective network address that was previously assigned to the candidate node, and the assigning of the network addresses to the nodes in the succession resumes following the candidate node.

Abstract: A peripheral device coupled to a host includes a network interface, a packet processor, and a Data Processing Unit (DPU). The packet processor receives from a communication network, via the network interface, packets that originated from a source in an original order and received at the peripheral device in as order different from the original order. The packet processor splits the received packets into headers and payloads, sends the payloads for storage in a host memory and sends the headers without the payloads for storage in a DPU memory, and based on the headers produces a hint indicative of processing to be applied to the headers, by the DPU, for identifying the original order. Based on the hint, the DPU identifies the original order of the packets by applying the processing indicated by the hint to respective headers in the DPU memory, and notifies the host of the original order.

Abstract: A method of encrypting a memory transaction include, using a computing device operating a processor, encrypting a set of buffers to be transmitted, each buffer encrypted using an encryption key of a set of encryption keys.

Abstract: A method includes detecting, by an accelerator of a networking device, a serial number of a first data packet is out of order with respect to a previous data packet within a first flow of data packets associated with a packet communication network, wherein the serial number is assigned to the first data packet according to a transport protocol. The method includes reconstructing context data associated with the first flow of data packets, wherein the context data comprises encoding information for encoding of data records containing data conveyed in payloads of data packets in the first flow of data packets according to a storage protocol. The method includes using, by the accelerator, the reconstructed context data in processing a data record associated with a second data packet within the first flow, wherein the second data packet is subsequent to the first data packet in the first flow of data packets.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.

Abstract: A peripheral device coupled to a host includes a network interface, a packet processor, and a Data Processing Unit (DPU). The packet processor receives from a communication network, via the network interface, packets that originated from a source in an original order and received at the peripheral device in as order different from the original order. The packet processor splits the received packets into headers and payloads, sends the payloads for storage in a host memory and sends the headers without the payloads for storage in a DPU memory, and based on the headers produces a hint indicative of processing to be applied to the headers, by the DPU, for identifying the original order. Based on the hint, the DPU identifies the original order of the packets by applying the processing indicated by the hint to respective headers in the DPU memory, and notifies the host of the original order.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: In one embodiment, a secure distributed processing system includes nodes connected over a network, and configured to process tasks, each respective one of the nodes including a respective processor to process data of respective ones of the tasks, and a respective network interface controller to connect to other nodes over the network, store task master keys for use in computing communication keys for securing data transfer over the network for respective ones of the tasks, compute respective task and node-pair specific communication keys for securing communication with respective ones of the nodes over the network for respective ones of the tasks responsively to respective ones of the task master keys and node-specific data of respective node pairs, and securely communicate the processed data of the respective ones of the tasks with the respective ones of the nodes over the network responsively to the respective task and node-pair specific communication keys.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: A method includes detecting, by an accelerator of a networking device, a serial number of a first data packet is out of order with respect to a previous data packet within a first flow of data packets associated with a packet communication network, wherein the serial number is assigned to the first data packet according to a transport protocol. The method includes reconstructing context data associated with the first flow of data packets, wherein the context data comprises encoding information for encoding of data records containing data conveyed in payloads of data packets in the first flow of data packets according to a storage protocol. The method includes using, by the accelerator, the reconstructed context data in processing a data record associated with a second data packet within the first flow, wherein the second data packet is subsequent to the first data packet in the first flow of data packets.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.

Abstract: A method for communication includes mapping transport sequence numbers in headers of data packets received from a network to respective buffers in a memory of a host computer. At least a part of the data from payloads of the received data packets is written directly to the respective buffers.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: A peripheral device includes a host interface and processing circuitry. The host interface is to communicate with one or more hosts over a peripheral bus. The processing circuitry is to expose on the peripheral bus a peripheral-bus device that communicates with the one or more hosts using one or more instances of at least one bus storage protocol, to receive, using the exposed peripheral-bus device, Input/Output (I/O) transactions that are issued by the one or more hosts, and to complete the I/O transactions for the one or more hosts in accordance with one or more instances of at least one network storage protocol, by running at least part of a host-side protocol stack of the at least one network storage protocol.