Patents by Inventor David R. Cheriton

David R. Cheriton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7027393
    Abstract: An extension to the conventional single rate microflow policer that provides dual rate policing with a minimum of extra resource utilization. Using the extended microflow policer, an aggressive TCP flow ramps up to exceed the policer rate, setting a burst drop flag. Once the flow rate exceeds the burst rate, a single packet is dropped and the burst drop flag is cleared. On seeing the single packet drop, the TCP sender is then expected to reduce its rate. Flows that do not back off will eventually exceed a higher, hard drop threshold and experience packet drop. An aggressive TCP rate thus oscillates around the burst rate, efficiently approaching the hard drop rate without exceeding it. The addition of only a single bit flag avoids the cost of a dual-rate policer and the tail drop behavior induced by a single rate policer.
    Type: Grant
    Filed: March 2, 2001
    Date of Patent: April 11, 2006
    Assignee: Cisco Technology, Inc.
    Inventor: David R. Cheriton
  • Patent number: 7023853
    Abstract: The invention provides for hardware processing of ACLs and thus hardware enforcement of access control. A sequence of access control specifiers from an ACL are recorded in a CAM, and information from the packet header is used to attempt to match selected source and destination IP addresses or subnets, ports, and protocols, against all the ACL specifiers at once. Successful matches are input to a priority selector, which selects the match with the highest priority (that is, the match that is first in the sequence of access control specifiers). The specified result of the selected match is used to permit or deny access for the packet without need for software processing, preferably at a rate comparable to wirespeed. The CAM includes an ordered sequence of entries, each of which has an array of ternary-elements for matching “0”, “1”, or any value, and each of which generates a match signal.
    Type: Grant
    Filed: March 1, 2002
    Date of Patent: April 4, 2006
    Assignee: Cisco Technology, Inc.
    Inventors: Andreas V. Bechtolsheim, David R. Cheriton
  • Patent number: 7002965
    Abstract: Methods and apparatus are disclosed herein for classifying packets using ternary and binary content-addressable memory stages to classify packets. One such system uses a stage of one or more TCAMs followed by a second stage of one or more CAMs (or alternatively some other binary associative memories such as hash tables or TRIEs) to classify a packet. One exemplary system includes TCAMs for handling input and output classification and a forwarding CAM to classify packets for Internet Protocol (IP) forwarding decisions on a flow label. This input and output classification may include, but is not limited to routing, access control lists (ACLs), quality of service (QoS), network address translation (NAT), encryption, etc. These IP forwarding decisions may include, but are not limited to IP source and destination addresses, protocol type, flags and layer 4 source and destination ports, a virtual local area network (VLAN) id and/or other fields.
    Type: Grant
    Filed: May 21, 2001
    Date of Patent: February 21, 2006
    Assignee: Cisco Technology, Inc.
    Inventor: David R. Cheriton
  • Patent number: 6981052
    Abstract: The present invention defines a method and apparatus to extend class-based queuing (CBQ) with multiple “behavioral” queues per class, to include a dynamic weighting mechanism between these queues. The packets are forwarded from the behavioral queues according to the weighting assigned to each queue. The weighting for packet scheduling of the queues is adjusted to account for additional flow going through the queues. The weight of a queue is controlled relative to the weight available to other queues. When a flow is reclassified, the queue weights are readjusted accordingly. Well-behaved flows experience low delay and can thus achieve a fair bandwidth allocation without having to have multiple packets queued to compete with non-adaptive aggressive flows.
    Type: Grant
    Filed: December 7, 2001
    Date of Patent: December 27, 2005
    Assignee: Cisco Technology, Inc.
    Inventor: David R. Cheriton
  • Publication number: 20040252693
    Abstract: In one embodiment, a method for processing a packet is disclosed. The method includes classifying the packet and determining an action to be taken with regard to the packet. Classifying the packet includes using information in the packet to perform the classification. The determination made as to the action to be taken with regard to the packet is based on the classifying that is performed, and is performed using a plurality of rules. At least one of the rules is configurable. The information in the packet is related to time-to-live (TTL) data corresponding to the packet.
    Type: Application
    Filed: June 10, 2003
    Publication date: December 16, 2004
    Inventors: David R. Cheriton, Fusun Ertemalp
  • Patent number: 6831917
    Abstract: A method for using network address translation in switches and routers to define a virtual host as the source of a multicast channel within a single-source multicast model and to translate packet addresses from different multicast sources so that the packets appear to be originating from the virtual host. Address-translated packets are thus forwarded through a single-source multicast channel and received by the subscribing host(s)/clients as though the packets came from a single “virtual” source. This methodology can be used to map two or more sources simultaneously onto the same multicast channel. Such a mapping is useful, for example, to present multiple views of a sporting event video broadcast, provide advertisement insertion capability, or to support transparent fail-over to a backup video source in a critical multicast application. Subscribing client hosts in the multicast reception group simply subscribe to the single virtual host as the source of a multicast channel.
    Type: Grant
    Filed: May 10, 2000
    Date of Patent: December 14, 2004
    Assignee: Cisco Technology, Inc.
    Inventor: David R. Cheriton
  • Patent number: 6829217
    Abstract: The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly.
    Type: Grant
    Filed: December 2, 2002
    Date of Patent: December 7, 2004
    Assignee: Cisco Technology, Inc.
    Inventors: Andreas V. Bechtolsheim, David R. Cheriton
  • Patent number: 6798776
    Abstract: A method and apparatus for an enhanced datagram packet switched computer network is disclosed. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair contained in the datagram packet itself. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia type traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management.
    Type: Grant
    Filed: January 14, 2000
    Date of Patent: September 28, 2004
    Assignee: Cisco Technology, Inc.
    Inventors: David R. Cheriton, Andreas V. Bechtolsheim
  • Patent number: 6724721
    Abstract: A method and apparatus to limit the throughput rate of non-adapting aggressive flows on a packet-by-packet basis. Each packet of an input flow is mapped to an entry in a flow table for each output queue. The mapping is based on a subset of the packet's header data, giving an approximation of per-flow management. Each entry contains a credit value. On packet reception, the credit value is compared to zero; if there are no credits, the packet is dropped. Otherwise, the size of the packet is compared to the credit value. If sufficient credits exist (i.e., size is less than or equal to credits), the credit value is decremented by the size of the packet in cells and the processing proceeds according to conventional methods, including but not limited to those disclosed in the co-pending DBL Application, incorporated herewith by reference in its entirety. If, however, the size of the packet exceeds the available credits, the credit value is set to zero and the packet is dropped.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: April 20, 2004
    Assignee: Cisco Technology, Inc.
    Inventor: David R. Cheriton
  • Patent number: 6675200
    Abstract: A remote DMA (RDMA) shim protocol laid atop an existing network data transfer protocol but logically underneath higher level disk and file access protocols specifies the portion of a data packet to be transferred directly into a separate area of memory such as an application layer memory buffer. This RDMA protocol identifies the area of memory into which the data should be delivered, a data ID, data start, data length or end, and flag bits. Option fields added to (or already present in) the transport protocol describe the RDMA transfer. On reception of a packet specifying RDMA, the receiving device delivers the data directly into the correct memory location using the RDMA description data. In some embodiments of the present invention, the RDMA shim protocol is implemented with TCP options specifically introduced to enable RDMA and thus reduce the overhead of transferring and receiving data with a TCP-based protocol such as NFS or HTTP.
    Type: Grant
    Filed: May 10, 2000
    Date of Patent: January 6, 2004
    Assignee: Cisco Technology, Inc.
    Inventors: David R. Cheriton, Constantine P. Sapuntzakis
  • Publication number: 20030135641
    Abstract: The present invention describes a method and an apparatus of multi-feature lookup process using multi-feature classification memory (“CM”). In one embodiment of the present invention, the method defines various features, offered in the router, into a feature hierarchy. Individual associated CMs are merged into a combined associated multi-feature CM. The feature rules for packet processing are merged according to the feature hierarchy and the multi-feature CM is populated with the merged rules. The multi-feature CM includes combined packet-processing rules for multiple features. The multi-feature CM eliminates the need for individual associated CMs. The memory space in the multi-feature CM is shared by various feature rules.
    Type: Application
    Filed: December 7, 2001
    Publication date: July 17, 2003
    Inventor: David R. Cheriton
  • Patent number: 6515963
    Abstract: The present invention provides a per-flow dynamic buffer management scheme for a data communications device. With per-flow dynamic buffer limiting, the header information for each packet is mapped into an entry in a flow table, with a separate flow table provided for each output queue. Each flow table entry maintains a buffer count for the packets currently in the queue for each flow. On each packet enqueuing action, a dynamic buffer limit is computed for the flow and compared against the buffer count already used by the flow to make a mark, drop, or enqueue decision. A packet in a flow is dropped or marked if the buffer count is above the limit. Otherwise, the packet is enqueued and the buffer count incremented by the amount used by the newly-enqueued packet. The scheme operates independently of packet data rate and flow behavior, providing means for rapidly discriminating well-behaved flows from non-well-behaved flows in order to manage buffer allocation accordingly.
    Type: Grant
    Filed: January 27, 1999
    Date of Patent: February 4, 2003
    Assignee: Cisco Technology, Inc.
    Inventors: Andreas V. Bechtolsheim, David R. Cheriton
  • Patent number: 6377577
    Abstract: The invention provides for hardware processing of ACLs and thus hardware enforcement of access control. A sequence of access control specifiers from an ACL are recorded in a CAM, and information from the packet header is used to attempt to match selected source and destination IP addresses or subnets, ports, and protocols, against all the ACL specifiers at once. Successful matches are input to a priority selector, which selects the match with the highest priority (that is, the match that is first in the sequence of access control specifiers). The specified result of the selected match is used to permit or deny access for the packet without need for software processing, preferably at a rate comparable to wirespeed. The CAM includes an ordered sequence of entries, each of which has an array of ternary elements for matching “0”, “1”, or any value, and each of which generates a match signal.
    Type: Grant
    Filed: June 30, 1998
    Date of Patent: April 23, 2002
    Assignee: Cisco Technology, Inc.
    Inventors: Andreas V. Bechtolsheim, David R. Cheriton
  • Patent number: 6343072
    Abstract: The invention provides a single-chip method. The method includes a memory shared among packet buffers for receiving packets, packet buffers for transmitting packets, and packet header buffers for packet forwarding lookup. Accesses to that shared memory are multiplexed and prioritized. Packet reception is performed with relatively high priority, packet transmission is performed with medium priority, and packet forwarding lookup is performed with relatively low priority. The single-chip method includes circuits for serially receiving packet header information, converting that information into a parallel format for transmission to an SRAM for lookup, and queuing input packets for later forwarding at an output port. Similarly, the single-chip method includes circuits for queuing output packets for transmission at an output port, receiving packet forwarding information from the SRAM in a parallel format, and converting packet header information from output packets into a serial format for transmission.
    Type: Grant
    Filed: December 31, 1997
    Date of Patent: January 29, 2002
    Assignee: Cisco Technology, Inc.
    Inventors: Andreas V. Bechtolsheim, David R. Cheriton
  • Patent number: 6091725
    Abstract: The invention provides an enhanced datagram packet switched computer network. The invention processes network datagram packets in network devices as separate flows, based on the source-destination address pair in the datagram packet. As a result, the network can control and manage each flow of datagrams in a segregated fashion. The processing steps that can be specified for each flow include traffic management, flow control, packet forwarding, access control, and other network management functions. The ability to control network traffic on a per flow basis allows for the efficient handling of a wide range and a large variety of network traffic, as is typical in large-scale computer networks, including video and multimedia traffic. The amount of buffer resources and bandwidth resources assigned to each flow can be individually controlled by network management. In the dynamic operation of the network, these resources can be varied based on actual network traffic loading and congestion encountered.
    Type: Grant
    Filed: December 29, 1995
    Date of Patent: July 18, 2000
    Assignee: Cisco Systems, Inc.
    Inventors: David R. Cheriton, Andreas V. Bechtolsheim
  • Patent number: 5893155
    Abstract: The present invention provides a digital computer memory cache organization for efficient data logging, log-based copy and rollback, high-performance I/O, network switching and multi-cache consistency maintenance. The cache organization implements efficient selective cache write-back, mapping and transferring of data. Write or store operations to cache lines tagged as logged are written through to a log block builder associated with the cache. Non-logged store operations are handled local to the cache, as in a writeback cache. The log block builder combines write operations into data blocks and transfers the data blocks to a log splitter. A log splitter demultiplexes the logged data into separate streams based on address.
    Type: Grant
    Filed: December 3, 1996
    Date of Patent: April 6, 1999
    Assignee: The Board of Trustees of the Leland Stanford Junior University
    Inventor: David R. Cheriton
  • Patent number: 5666514
    Abstract: The present invention provides a digital computer memory cache organization for efficient data logging, log-based copy and rollback, high-performance I/O, network switching and multi-cache consistency maintenance. The cache organization implements efficient selective cache write-back, mapping and transferring of data. Write or store operations to cache lines tagged as logged are written through to a log block builder associated with the cache. Non-logged store operations are handled local to the cache, as in a writeback cache. The log block builder combines write operations into data blocks and transfers the data blocks to a log splitter. A log splitter demultiplexes the logged data into separate streams based on address.
    Type: Grant
    Filed: July 1, 1994
    Date of Patent: September 9, 1997
    Assignee: Board of Trustees of the Leland Stanford Junior University
    Inventor: David R. Cheriton