Patents by Inventor Cristian Estan
Cristian Estan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9305115
Abstract: A method and apparatus for comparing a search key with a plurality of rules of an access control list (ACL) stored in a plurality of content addressable memory (CAM) blocks of a content search system are disclosed. The search key is compared with a plurality of covering prefix entries stored in a covering prefix table, wherein a respective covering prefix entry includes first and second common prefix values. The first common prefix value is shared by all of the rules stored in a first of the CAM blocks, and the second common prefix value is shared by all of the rules stored in a second of the CAM blocks. A bitmap associated with a matching covering prefix entry selectively enables a subset of the CAM blocks for comparison with the search key to determine the highest priority matching rule.
Type: Grant
Filed: September 28, 2011
Date of Patent: April 5, 2016
Assignee: Broadcom Corporation
Inventor: Cristian Estan
-
Patent number: 9269411
Abstract: Methods, systems, and computer readable storage medium embodiments for configuring a lookup table, such as an access control list (ACL) for a network device are disclosed. Aspects of these embodiments include storing a plurality of data entries in a memory, each of the stored plurality of data entries including a header part and a body part, and encoding each of a plurality of bit-sequences in the header part of a stored data entry from the plurality of data entries to indicate a bit comparing action associated with a respective bit sequence in the body part of the stored data entry. Other embodiments include searching a lookup table in a network device.
Type: Grant
Filed: December 28, 2012
Date of Patent: February 23, 2016
Assignee: Broadcom Corporation
Inventors: Cristian Estan, Mark Birman, Prashanth Narayanaswamy
-
Patent number: 8966167
Abstract: A content addressable memory (CAM)-based search engine is disclosed that reduces power consumption during a plurality of different search operations concurrently performed in a plurality of device pipelines by selectively applying one of a number of different power reduction techniques for each pipeline in response to configuration data indicating the type of search operation that is being performed in the pipeline.
Type: Grant
Filed: December 20, 2013
Date of Patent: February 24, 2015
Assignee: Broadcom Corporation
Inventor: Cristian Estan
-
Patent number: 8935270
Abstract: A content search system for determining whether an input string matches one or more of a number of patterns embodied by a deterministic finite automaton (DFA) includes a plurality of DFA engines that simultaneously compare sequential overlapping segments of the input string. The overlap region shared by adjacent pairs of input string segments is of a predetermined size. Initially, the first DFA engine is designated as the master engine, and the remaining DFA engines are designated as slave engines whose state results are speculative. Resolution logic compares the state results of the master engine with the state results of the adjacent slave engine to selectively validate the state results of the successor engine, which upon validation becomes the new master engine.
Type: Grant
Filed: May 13, 2010
Date of Patent: January 13, 2015
Assignee: Netlogic Microsystems, Inc.
Inventors: Cristian Estan, Greg Watson
-
Patent number: 8861241
Abstract: A content addressable memory (CAM) device dynamically reduces power consumption between a search key and data stored in a plurality of CAM blocks by selectively disabling a number of CAM blocks, requested for the search operation by an external network processor, based upon the contents of the search key.
Type: Grant
Filed: September 6, 2011
Date of Patent: October 14, 2014
Assignee: NetLogic Microsystems, Inc.
Inventor: Cristian Estan
-
Patent number: 8812480
Abstract: A content search system for determining whether an input string matches one or more rules includes a parser, a rules database, and a search engine. The parser, which has an input to receive the input string, is to extract one or more selected portions of the input string to form a filtered input string, and is to generate a rule select signal in response to the selected portions of the input string. The rules database stores a plurality of sets of rules. The search engine is to compare the filtered input string with a selected set of rules selected in response to the rule select signal.
Type: Grant
Filed: January 20, 2012
Date of Patent: August 19, 2014
Assignee: Broadcom Corporation
Inventors: Greg Watson, Cristian Estan, Mark Birman, Alexei Starovoitov
-
Patent number: 8700593
Abstract: A content search system includes multiple pipelined search engines that implement different portions of a regular expression search operation. For some embodiments, the search pipeline includes a DFA engine, an NFA engine, and a token stitcher that combines partial match results generated by the DFA and NFA engines in a manner that prevents either engine from becoming a bottleneck. In addition, the token stitcher can be configured to implement unbounded sub-expressions without utilizing resources of the DFA or NFA engines.
Type: Grant
Filed: July 16, 2010
Date of Patent: April 15, 2014
Assignee: Netlogic Microsystems, Inc.
Inventors: Cristian Estan, Greg Watson
-
Patent number: 8639875
Abstract: A CAM-based search engine is disclosed that reduces power consumption during a plurality of different search operations concurrently performed in a plurality of device pipelines by selectively applying one of a number of different power reduction techniques for each pipeline in response to configuration data indicating the type of search operation that is being performed in the pipeline.
Type: Grant
Filed: September 6, 2011
Date of Patent: January 28, 2014
Assignee: Netlogic Microsystems, Inc.
Inventor: Cristian Estan
-
Patent number: 8589405
Abstract: A content search system includes multiple pipelined search engines that implement different portions of a regular expression search operation. For some embodiments, the search pipeline includes a DFA engine, an NFA engine, and a token stitcher that combines partial match results generated by the DFA and NFA engines. The token stitcher can be configured to implement unbounded sub-expressions without utilizing resources of the DFA or NFA engines. A token stitcher may comprise an input line for receiving tokens that indicate a partial match between an input string and a regular expression, a flag bank that stores flags which, when activated, identify one or more of the sub-expressions that match the input string, a program memory that stores programs that each comprises instructions for processing tokens, and an engine configured to identify programs that are associated with a newly received token.
Type: Grant
Filed: September 17, 2010
Date of Patent: November 19, 2013
Assignee: NetLogic Microsystems, Inc.
Inventor: Cristian Estan
-
Patent number: 8572106
Abstract: A content search system includes multiple pipelined search engines that implement different portions of a regular expression search operation. For some embodiments, the search pipeline includes a DFA engine, an NFA engine, and a token stitcher that combines partial match results generated by the DFA and NFA engines. The token stitcher can be configured to implement unbounded sub-expressions without utilizing resources of the DFA or NFA engines. The token stitcher may comprise a flag bank for storing a number of flags. Each flag may identify a sub-expression that matches the input string. The flag bank may be configured to discard one or more flags upon satisfaction of a predetermined condition for purposes of recapturing hardware resources to provide a certain level of performance.
Type: Grant
Filed: November 15, 2010
Date of Patent: October 29, 2013
Assignee: NetLogic Microsystems, Inc.
Inventor: Cristian Estan
-
Publication number: 20130246698
Abstract: Methods, systems, and computer readable storage medium embodiments for configuring a lookup table for a network device are disclosed. Aspects in these embodiments include generating a decision tree based upon bit representations of respective data entries from a plurality of data entries where one or more of the plurality of data entries are represented at respective nodes of the decision tree, storing a first bit pattern corresponding to a selected node from the decision tree in a content addressable memory (CAM) at a location associated with an index, and storing one or more second bit patterns at an address in a second memory. The one or more second bit patterns correspond to the one or more data entries represented at the selected node, and the address is associated with the index. Embodiments also include searching a lookup table in a network device.
Type: Application
Filed: December 28, 2012
Publication date: September 19, 2013
Applicant: Broadcom Corporation
Inventors: Cristian ESTAN, Mark Birman, Prashanth Narayanaswamy
-
Publication number: 20130246697
Abstract: Methods, systems, and computer readable storage medium embodiments for configuring a lookup table, such as an access control list (ACL) for a network device are disclosed. Aspects of these embodiments include storing a plurality of data entries in a memory, each of the stored plurality of data entries including a header part and a body part, and encoding each of a plurality of bit-sequences in the header part of a stored data entry from the plurality of data entries to indicate a bit comparing action associated with a respective bit sequence in the body part of the stored data entry. Other embodiments include searching a lookup table in a network device.
Type: Application
Filed: December 28, 2012
Publication date: September 19, 2013
Applicant: Broadcom Corporation
Inventors: Cristian ESTAN, Mark Birman, Prashanth Narayanaswamy
-
Patent number: 8233493
Abstract: A computer-implemented method for classifying received packets using a hardware cache of evolving rules and a software cache having an original rule set. The method including receiving a packet, processing the received packet through a hardware-based packet classifier having at least one evolving rule to identify at least one cache miss packet, and processing the cache miss packet through a software based packet classifier including an original rule set. Processing the cache miss packet includes determining whether to expand at least one of the at least one evolving rules in the hardware-based packet classifier based on the cache miss packet. The determination includes determining whether an evolving rule has both the same action and lies entirely within one of the rules of the original rule set.
Type: Grant
Filed: September 8, 2009
Date of Patent: July 31, 2012
Assignee: Wisconsin Alumni Research Foundation
Inventors: Yadi Ma, Suman Banerjee, Cristian Estan
-
Patent number: 7962434
Abstract: Deterministic finite automata (DFAs) are popular solutions to deep packet inspection because they are fast and DFAs corresponding to multiple signatures are combinable into a single DFA. Combining such DFAs causes an explosive increase in memory usage. Extended finite automata (XFAs) are an alternative to DFAs that avoids state-space explosion problems. XFAs extend DFAs with a few bytes of “scratch memory” used to store bits and other data structures that record progress. Simple programs associated with automaton states and/or transitions manipulate this scratch memory. XFAs are deterministic in their operation, are equivalent to DFAs in expressiveness, and require no custom hardware support. Fully functional prototype XFA implementations show that, for most signature sets, XFAs are at least 10,000 times smaller than the DFA matching all signatures. XFAs are 10 times smaller and 5 times faster or 5 times smaller and 20 times faster than systems using multiple DFAs.
Type: Grant
Filed: February 15, 2008
Date of Patent: June 14, 2011
Assignee: Wisconsin Alumni Research Foundation
Inventors: Cristian Estan, Randy David Smith, Somesh Jha
-
Patent number: 7940755
Abstract: An architecture for a specialized electronic computer for high-speed data lookup employs a set of tiles each with independent processors and lookup memory portions. The tiles may be programmed to interconnect to form different memory topologies optimized for the particular task.
Type: Grant
Filed: March 19, 2009
Date of Patent: May 10, 2011
Assignee: Wisconsin Alumni Research Foundation
Inventors: Cristian Estan, Karthikeyan Sankaralingam
-
Publication number: 20100238942
Abstract: An architecture for a specialized electronic computer for high-speed data lookup employs a set of tiles each with independent processors and lookup memory portions. The tiles may be programmed to interconnect to form different memory topologies optimized for the particular task.
Type: Application
Filed: March 19, 2009
Publication date: September 23, 2010
Inventors: Cristian Estan, Karthikeyan Sankaralingam
-
Publication number: 20100067535
Abstract: A computer-implemented method for classifying received packets using a hardware cache of evolving rules and a software cache having an original rule set. The method including receiving a packet, processing the received packet through a hardware-based packet classifier having at least one evolving rule to identify at least one cache miss packet, and processing the cache miss packet through a software based packet classifier including an original rule set. Processing the cache miss packet includes determining whether to expand at least one of the at least one evolving rules in the hardware-based packet classifier based on the cache miss packet. The determination includes determining whether an evolving rule has both the same action and lies entirely within one of the rules of the original rule set.
Type: Application
Filed: September 8, 2009
Publication date: March 18, 2010
Inventors: Yadi Ma, Suman Banerjee, Cristian Estan
-
Publication number: 20090106183
Abstract: Deterministic finite automata (DFAs) are popular solutions to deep packet inspection because they are fast and DFAs corresponding to multiple signatures are combinable into a single DFA. Combining such DFAs causes an explosive increase in memory usage. Extended finite automata (XFAs) are an alternative to DFAs that avoids state-space explosion problems. XFAs extend DFAs with a few bytes of “scratch memory” used to store bits and other data structures that record progress. Simple programs associated with automaton states and/or transitions manipulate this scratch memory. XFAs are deterministic in their operation, are equivalent to DFAs in expressiveness, and require no custom hardware support. Fully functional prototype XFA implementations show that, for most signature sets, XFAs are at least 10,000 times smaller than the DFA matching all signatures. XFAs are 10 times smaller and 5 times faster or 5 times smaller and 20 times faster than systems using multiple DFAs.
Type: Application
Filed: February 15, 2008
Publication date: April 23, 2009
Inventors: Cristian Estan, Randy D. Smith, Somesh Jha
-
Patent number: 7219354
Abstract: Super-user privileges are virtualized by designating a virtual super-user for each of a plurality of virtual processes and intercepting system calls for which actual super-user privileges are required, which are nevertheless desirable for a virtual super-user to perform in the context of his or her own virtual process. In one embodiment, a computer operating system includes multiple virtual processes, such as virtual private servers. Each virtual process can be associated with one or more virtual super-users. When an actual process makes a system call that requires actual super-user privileges, the call is intercepted by a system call wrapper.
Type: Grant
Filed: December 22, 2000
Date of Patent: May 15, 2007
Assignee: Ensim Corporation
Inventors: Xun Wilson Huang, Cristian Estan, Srinivasan Keshav
-
Patent number: RE44210
Abstract: Super-user privileges are virtualized by designating a virtual super-user for each of a plurality of virtual processes and intercepting system calls for which actual super-user privileges are required, which are nevertheless desirable for a virtual super-user to perform in the context of his or her own virtual process. In one embodiment, a computer operating system includes multiple virtual processes, such as virtual private servers. Each virtual process can be associated with one or more virtual super-users. When an actual process makes a system call that requires actual super-user privileges, the call is intercepted by a system call wrapper.
Type: Grant
Filed: May 15, 2009
Date of Patent: May 7, 2013
Assignee: Digital Asset Enterprises, L.L.C.
Inventors: Xun Wilson Huang, Cristian Estan, Jr., Srinivasan Keshav