Abstract: Improved memory management is provided according to a Hierarchical Immutable Content Addressable Memory Processor (HICAMP) architecture. In HICAMP, physical memory is organized as two or more physical memory blocks, each physical memory block having a fixed storage capacity. An indication of which of the physical memory blocks is active at any point in time is provided. A memory controller provides a non-duplicating write capability, where data to be written to the physical memory is compared to contents of all active physical memory blocks at the time of writing, to ensure that no two active memory blocks have the same data after completion of the non-duplicating write.

Abstract: A method and apparatus to limit the throughput rate on a packet-by-packet basis. Each packet of an input flow is mapped to an entry in a flow table for each output queue. The mapping is based on a subset of the packet's header data, giving an approximation of per-flow management. Each entry contains a credit value. On packet reception, the credit value is compared to zero; if there are no credits, the packet is dropped. Otherwise, the size of the packet is compared to the credit value. If sufficient credits exist (i.e., size is less than or equal to credits), the credit value is decremented by the size of the packet in cells and the packet is processed. If the size of the packet exceeds the available credits, the credit value is set to zero and the packet is dropped. A periodic task adds credits to each flow table entry up to a predetermined maximum.

Abstract: Simplified handling of dynamic collections having a variable number of elements at run time is achieved by providing for specification of collective properties of dynamic collections by a programmer. Such collective properties are distinct from type-member properties of the collection that follow from the types and type qualifiers of its members. Preferably, such dynamic collections are attributes (i.e., members) of an application defined type.

Abstract: A method is provided for translating sets of constraint declarations to imperative code sequences based on defining an instantiatable object per set, inserting calls to a notification callback mechanism on state modification and defining calls in the constraint context as imperative code sequences that, in response to these callbacks, take actions to maintain these constraints.

Abstract: A remote DMA (RDMA) shim protocol laid atop an existing network data transfer protocol but logically underneath higher level disk and file access protocols specifies the portion of a data packet to be transferred directly into a separate area of memory such as an application layer memory buffer. This RDMA protocol identifies the area of memory into which the data should be delivered, a data ID, data start, data length or end, and flag bits. Option fields added to (or already present in) the transport protocol describe the RDMA transfer. On reception of a packet specifying RDMA, the receiving device delivers the data directly into the correct memory location using the RDMA description data. In some embodiments of the present invention, the RDMA shim protocol is implemented with TCP options specifically introduced to enable RDMA and thus reduce the overhead of transferring and receiving data with a TCP-based protocol such as NFS or HTTP.

Abstract: Methods and apparatus are disclosed herein for classifying packets using ternary and binary content-addressable memory stages to classify packets. One such system uses a stage of one or more TCAMS followed by a second stage one or more CAMS (or alternatively some other binary associative memories such as hash tables or TRIEs) to classify a packet. One exemplary system includes TCAMs for handling input and output classification and a forwarding CAM to classify packets for Internet Protocol (IP) forwarding decisions on a flow label. This input and output classification may include, but is not limited to routing, access control lists (ACLs), quality of service (QoS), network address translation (NAT), encryption, etc. These IP forwarding decisions may include, but are not limited to IP source and destination addresses, protocol type, flags and layer 4 source and destination ports, a virtual local area network (VLAN) id and/or other fields.

Abstract: Data transmission efficiency for structured data can be improved by representing structured data using immutable blocks. The contents of the immutable blocks can include data and/or pointers to immutable blocks. An immutable data block cannot be altered after creation of the block. When data represented as immutable blocks is transmitted from one processor to another processor, the transmitter sends block contents for blocks that have not previously been defined at the receiver, and sends block IDs (as opposed to block contents) for blocks that have previously been defined at the receiver. The systematic use of block IDs instead of block contents in transmission where possible can significantly reduce transmission bandwidth requirements.

Abstract: A media server system includes a switch having a volatile memory such as dynamic random access memory (DRAM), for example. The switch may be configured to store one or more formatted media content streams in large blocks within the volatile memory. The switch unit also includes a switch controller including a crossbar switch that is coupled between a plurality of network ports and the volatile memory.

Abstract: The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied—based on actual network traffic loading and congestion encountered.

Abstract: The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied—based on actual network traffic loading and congestion encountered.

Abstract: Improved memory management is provided according to a Hierarchical Immutable Content Addressable Memory Processor (HICAMP) architecture. In HICAMP, physical memory is organized as two or more physical memory blocks, each physical memory block having a fixed storage capacity. An indication of which of the physical memory blocks is active at any point in time is provided. A memory controller provides a non-duplicating write capability, where data to be written to the physical memory is compared to contents of all active physical memory blocks at the time of writing, to ensure that no two active memory blocks have the same data after completion of the non-duplicating write.

Abstract: A logging module is disclosed. A communications device can include, and so be made secure through the use of, the logging module. The logging module is configured to communicate information regarding a change to a configuration of a subsystem of the communications device.

Abstract: Methods and apparatus are disclosed herein for ingress port filtering for packet switching systems. One implementation includes a mechanism to duplicate and provide an incoming packet stream to multiple per-port ingress filters. Under standard operating conditions, these filters are configured to be cooperative and complementary, with the portion of packet traffic filtered out of the stream on one port allowed to pass through on the other ports so as to load balance traffic across redundant systems. Upon recognition of a failure condition, the filters are typically modified to adapt to the error condition, which may include allowing all traffic to pass through one ingress port while filtering all traffic from the other ingress ports, or dynamically re-programming the filters to effectively redistribute the portion of the traffic going to an ingress port associated with the error condition to the other ingress ports.

Abstract: A system and method provide for efficient classification of long strings of data, such as network messages. The system, which may be a classification engine for use in a network device, is configured to include one or more stages having one or more banks of ternary content addressable memories (TCAMs). The TCAM banks of each stage are organized into one or more groups and each group processes the network messages for a different set of the network device's ports. The system further includes at least one memory resource that is shared by the TCAM banks of all groups. That is, the parallel banks of TCAMs operate in a distributed fashion while the shared memory resource operates in a centralized fashion. Accordingly, the system can process network messages at high speed while minimizing the number of required components.

Abstract: The invention provides a method and system for packet processing, in which a router (or switch) is capable of quickly processing incoming packets, thus performing level 2, 3, and 4 routing and additional services, in real time. A system includes a packet processing engine (PPE), having elements for receiving packets, distinguishing header and payload information for those packets, outsourcing router decision-making to additional hardware resources such as a fast forwarding engine (FFE), and forwarding those packets. The PPE is synchronized to the FFE, so that the PPE can send and the FFE can receive packets at each one of a sequence of constant-duration time quanta. Similarly, the PPE can receive and the FFE can send packet routing information at each one of a sequence of similar time quanta. The PPE and the FFE have separate hardware so that their functions can be performed in parallel without contention for operating resources.

Abstract: The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly.

Abstract: In an embodiment, different aspects of a packet header and data included in the packet are singled out for attention, rather that just the four byte IP destination address. Different information is included in nodes of the trie that enables matching and branching on different header fields. In an embodiment, the ACL of a configuration file in a router or switch is compiled into a trie data structure located in the memory of the router or switch. In an embodiment, a trie data structure is used to map a multicast packet header by a sequence of nodes that match on destination address or source address.

Abstract: Methods and apparatus are disclosed for redirecting requests received over a connection and redirecting them to multiple servers. The responses are then merged and sent over the connection. In this manner, Transmission Control Protocol (TCP) and other transport layer connections can be redirected to different servers on a per-request basis while still allowing client requests to be pipelined. In one implementation, a splicer device or process of a switch is used to map the requests to the appropriate servers and responses back over the appropriate connection. A set of connections may be pre-established between the switch and the servers. The splicer device or process maintains a data structure indicating the usage of these connections. The splicer device or process may maintain counts and/or receives indications from a server when a response has been completed, to identify when a connection may be used for servicing another request and/or connection.

Abstract: The present invention includes a scheduling mechanism that fairly allocates a resource to a number of schedulable elements of which some are latency-sensitive. The invention tracks each element's use of the resource by determining the element's virtual time. An active element is selected from the elements that are ready to use the resource by determining the element that has the smallest effective virtual time. The effective virtual time is the element's actual virtual time modified by a borrowed virtual time value. When an element has a short-term need for the resource, it can borrow the privilege to run by borrowing virtual time. As the element uses the resource, it consumes virtual time according to its weight. When the elements are scheduled for the resource, the ready elements having the smallest virtual time is selected. The invention enforces long-term fairness to each element while allowing latency-sensitive elements to be preferably selected.

Abstract: A system and method for efficiently searching long strings of data, such as network messages, is described. The system preferably includes an associative memory structure, having a plurality of content addressable memories (CAMs). The CAMs are hierarchically arranged such the output of at least one CAM is used as the input to a second CAM. Preferably, a top-level CAM receives only a selected portion of the data string or network message as its input. The output of the top-level CAM is then joined with some or all of the remaining portions of the data string to form a new output that is provided to the CAM at the next lower level. The top-level CAM is programmed such that its output is substantially smaller (e.g., has fewer bits) than the selected data string portion that is input to the top-level CAM. The system can thus search data strings that are on the whole far longer than the widths of the respective CAMs forming the memory structure.