Abstract: Techniques are disclosed for a network device to preserve packet flow information across bump-in-the-wire (BITW) firewalls. For example, a method comprises receiving, by a network device, a packet. The method also comprises determining, by the network device, that the packet matches a packet flow that is associated with an action to redirect the packet to a firewall configured as a bump-in-the-wire. The method further comprises, in response to the determination: modifying, by the network device, a Media Access Control (MAC) address field of a layer 2 (L2) packet header with a flow identifier of the packet flow; sending, by the network device, the packet to the firewall; receiving, by the network device, the packet from the firewall; and recovering, by the network device, the packet flow by modifying the packet according to the flow identifier in the packet to restore the L2 packet header of the packet.

Abstract: A system for one-sided read remote memory access is disclosed. In some embodiments, the system is configured to receive, at a responder SFA, a first packet comprising a read request to read a remote memory of a second host from a first host, wherein a payload of the first packet is mapped to be a transmit header queue (TxHQ) entry (TxHQE), and the TxHQE includes a pointer to a memory map; separate, the received packet into portions including a upper level protocol (ULP) portion, the ULP portion being the TxHQE; create a ULP header queue for the TxHQE; generate a read response based on mapping the ULP header queue into hardware as the TxHQ, wherein the TxHQE includes a pointer to data from a valid memory region of the second host identified by the memory mapping; and transmit a read response packet with the data identified by the pointer using the TxHQ to the first host.

Abstract: A system for congestion control using a flow level transmit mechanism is disclosed. In some embodiments, the system comprises a source SFA and a receive SFA. The source SFA is configured to detect and classify a congestion notification packet (CNP) generated based on congestion in a network; select a receive block from a plurality of receive blocks based on the CNP; forward the CNP to a dedicated congestion notification queue of the receive block; identify a transmit queue from a plurality of transmit blocks based on processing the congestion notification queue, wherein the transmit queue originated a particular transmit flow causing the congestion; and stop the transmit queue.

Abstract: A server fabric adapter (SFA) communication system is disclosed. In some embodiments, the SFA communication system comprises an SFA communicatively coupled to a plurality of controlling hosts, a plurality of endpoints, and a plurality of network ports. The SFA is configured to receive a network packet from a network port of the plurality of network ports; separate the network packet into different portions, each portion including a header or a payload; map each portion of the network packet to: (i) a controlling host of the plurality controlling hosts, the controlling host being designated as a destination controlling host, or (ii) an endpoint of the plurality of endpoints, the endpoint being designated as a destination endpoint; and forward a respective portion of the network packet to the destination controlling host or the destination endpoint.

Abstract: Systems and methods of performing rate limiting traffic shaping with a time-indexed data structure in a network device are provided. A network interface driver of the network device can received packets at the packet layer of a network host from a plurality of applications. The network interface driver can prevent one of the applications from sending additional packets for transmission until the application received a transmission completion notification indicating a packet previously forwarded to the packet layer of the network host has been transmitted. The network interface driver can process the received packets to determine a transmission time for each packet based on at least on rate limit policy. The network interface driver can store an identifier associated with the respective packet in a time-indexed data structure at a position associated with the transmission time determined for the packet.

Abstract: Systems and methods of performing rate limiting with a time-indexed data structure in a network device are provided. A transport protocol module of the network device can receive data packets from a remote computing device. The transport protocol module can generate a packet acknowledgement message which is received by the network interface driver. The network interface driver can process the received packet acknowledgement message to determine a transmission time for the packet acknowledgement message based on at least on rate limit policy. The network interface driver can store an identifier associated with the packet acknowledgement message in a time-indexed data structure. The network interface driver can determine that a time indexed in the time-indexed data structure has been reached and in response transmit a packet acknowledgement message associated with the identifier stored in the time-indexed data structure at a position associated with the reached time.

Abstract: Systems and methods of performing rate limiting traffic shaping with a time-indexed data structure in a network device are provided. A network interface driver of the network device can received packets at the packet layer of a network host from a plurality of applications. The network interface driver can prevent one of the applications from sending additional packets for transmission until the application received a transmission completion notification indicating a packet previously forwarded to the packet layer of the network host has been transmitted. The network interface driver can process the received packets to determine a transmission time for each packet based on at least on rate limit policy. The network interface driver can store an identifier associated with the respective packet in a time-indexed data structure at a position associated with the transmission time determined for the packet.

Abstract: Systems and methods of performing traffic shaping in a network device are provided. A network interface driver of the network device can store descriptors associated with packets received from multiple streams in a transmission queue in a first order. The network interface driver can transfer the descriptors to a traffic shaping module. In response to determining that a packet from a first stream, among the received packets, has been successfully transmitted by a network card, the network interface driver can communicate a packet transmission completion message corresponding to the packet to a software application that has awaited receipt of a packet transmission completion message before forwarding additional data packets from the first stream to the network interface driver. The network interface driver can communicate packet transmission completion messages corresponding to the packets received from the multiple streams to the software application in a second order, different from the first order.

Abstract: Systems and methods of performing traffic shaping in a network device are provided. A network interface driver of the network device can store descriptors associated with packets received from multiple streams in a transmission queue in a first order. The network interface driver can transfer the descriptors to a traffic shaping module. In response to determining that a packet from a first stream, among the received packets, has been successfully transmitted by a network card, the network interface driver can communicate a packet transmission completion message corresponding to the packet to a software application that has awaited receipt of a packet transmission completion message before forwarding additional data packets from the first stream to the network interface driver. The network interface driver can communicate packet transmission completion messages corresponding to the packets received from the multiple streams to the software application in a second order, different from the first order.

Abstract: Network load balancing may be performed in a cluster by deploying multicasting or replication. In particular, one or more multicast trees may be deployed within the cluster. Packets may be multicast towards the hosts over the multicast tree(s) to reach the hosts in a pool of hosts associated with a given Virtual Internet Protocol (“VIP”) address. Packets may be filtered before the packets reach the hosts to ensure that each host only receives packets for the session the host is handling. The filtering may be performed at various levels of the multicast tree. Replication may be deployed instead of multicasting to realize the same network load balancing.

Abstract: A forwarding device, such as a router, in a network may communicate with a service device according to a networking protocol. According to exemplary embodiments, logic for communicating according to the networking protocol may be relocated from the forwarding device to one or more remote controllers. The remote controllers may encapsulate networking messages and forward the networking messages to the forwarding device using a tunnel, thereby allowing the messages to follow the same path through the network as the messages would have followed if the messages had originated at the forwarding device. Accordingly, the forwarding device can be made simpler, updates to the networking protocol or remote controllers may be made without ceasing operations at the forwarding device, errors in the network may be quickly diagnosed, and a backup remote controller may take responsibility for communications in the network if a primary controller is rendered inoperable.

Abstract: Aspects and implementations of the present disclosure are directed to selection of a controller by a network device in a software defined network. In one aspect, the disclosure relates to a network device configured to receive a first controller availability message from a first controller device in a plurality of controller devices that includes at least a second controller device, select one of the first controller device and the second controller device as a controller for the network device based at least on the first controller availability message received from the first controller device, and report the selection of the controller device to the selected controller device. In some implementations, selection is based on a comparison of one or more performance characteristics for the controller devices. The performance characteristics may include a number of network devices under control by each controller device and/or an average latency for each controller device.

Abstract: A system and method for processing multicast streams is disclosed. A router receives the multicast streams and communicates the streams via communication tunnels to a set of ingestion pipelines. Each communication tunnel can be terminated upon the ingestion pipeline receiving a multicast stream. The set of ingestion pipelines process and deliver the multicast streams across existing IP infrastructure for real time distribution.