Abstract: A new approach is proposed that contemplates systems and methods to support virtio-based data packet path optimization for live virtual machine (VM) migration for Linux. Specifically, a data packet receiving (Rx) path and a data packet transmitting (Tx) path between a VM running on a host and a virtual function (VF) driver configured to interact with a physical network device of the host to receive and transmit communications dedicated to the VM are both optimized to implement a zero-copy solution to reduce overheads in packet processing. Under the proposed approach, the data packet Tx path utilizes a zero-copy mechanism provided by Linux kernel to avoid copying from virtio memory rings/Tx vrings in memory of the VM. The data packet Rx path also implements a zero-copy solution, which allows a virtio device of the VM to communicate directly with the VF driver of the network device while bypassing a macvtap driver entirely from the data packet Rx path.

Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload IPSec/IKE processing of virtual machines (VMs) running on a host to an embedded networking device, which serves as a hardware accelerator for the VMs that need to have secured communication with a remote device/server over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to perform all offloaded IPSec operations on data packets transferred between the host and the remote device over the network as required for the secured communication before the data packets can be transmitted over the network. The embedded networking device, in effect, acts as a proxy on behalf of the VMs running on the host to perform the offloaded IPSec operations as well as serving as the network interface for the secured communication between the VMs and the remote device.

Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, rather than having the SSL operations offloaded to the NIC, which then returns the packets to the host (or the remote client device) before they can be transmitted to the remote client device (or to the host).

Abstract: A new approach is proposed that contemplates systems and methods to support hardware-based Quality of Service (QoS) operations, which offloads metering functionalities under OpenFlow protocol to a programmable hardware unit/block/component. The hardware unit supports several hardware implemented ports and each port supports multiple configurable queues for the packet flows through a network switch/chip/system. Specifically, the hardware unit includes a plurality of descriptor queues (DQs) configured to accept requests to send a plurality of packets from one or more CPU cores, and a plurality of condition and schedule modules configured to meter, schedule, and condition the packets through a hierarchy of scheduling queues under one or more metering constraints.

Abstract: A new approach is proposed that contemplates systems and methods to support hot plugging and/or unplugging one or more of remote storage devices virtualized as extensible/flexible storages and NVMe namespace(s) via an NVMe controller during operation. First, the NVMe controller virtualizes and presents a set of remote storage devices to one or more VMs running on a host attached to the NVMe controller as logical volumes in the NVMe namespace(s) so that each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices.

Abstract: A new approach is proposed that contemplates systems and methods to support virtio-based data packet path optimization for live virtual machine (VM) migration for Linux. Specifically, a data packet receiving (Rx) path and a data packet transmitting (Tx) path between a VM running on a host and a virtual function (VF) driver configured to interact with a physical network device of the host to receive and transmit communications dedicated to the VM are both optimized to implement a zero-copy solution to reduce overheads in packet processing. Under the proposed approach, the data packet Tx path utilizes a zero-copy mechanism provided by Linux kernel to avoid copying from virtio memory rings/Tx vrings in memory of the VM. The data packet Rx path also implements a zero-copy solution, which allows a virtio device of the VM to communicate directly with the VF driver of the network device while bypassing a macvtap driver entirely from the data packet Rx path.

Abstract: A new approach is proposed that contemplates systems and methods to support mapping/importing remote storage devices as NVMe namespace(s) via an NVMe controller using a storage network protocol and utilizing one or more storage devices locally coupled to the NVMe controller as caches for fast access to the mapped remote storage devices. The NVMe controller exports and presents the NVMe namespace(s) of the remote storage devices to one or more VMs running on a host attached to the NVMe controller. Each of the VMs running on the host can then perform read/write operations on the logical volumes. During a write operation, data to be written to the remote storage devices by the VMs is stored in the locally coupled storage devices first before being transmitted over the network. The locally coupled storage devices may also cache data intelligently pre-fetched from the remote storage devices based on reading patterns and/or pre-configured policies of the VMs in anticipation of read operations.

Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload IPSec/IKE processing of virtual machines (VMs) running on a host to an embedded networking device, which serves as a hardware accelerator for the VMs that need to have secured communication with a remote device/server over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to perform all offloaded IPSec operations on data packets transferred between the host and the remote device over the network as required for the secured communication before the data packets can be transmitted over the network. The embedded networking device, in effect, acts as a proxy on behalf of the VMs running on the host to perform the offloaded IPSec operations as well as serving as the network interface for the secured communication between the VMs and the remote device.

Abstract: A new approach is proposed to support a virtual network switch, which is a software implementation of a network switch utilizing hardware to accelerate implementation of timers of the virtual network switch under OpenFlow protocol. The approach utilizes a plurality of hardware-implemented timer blocks/rings, wherein each of the rings covers a specified time period and has a plurality of timer buckets each corresponding to an interval of expiration time of timers. When a new flow table entry is programmed at an OpenFlow agent of the virtual network switch, its associated timer entries are created and inserted into the corresponding timer bucket based on the expiration time of the timers. During operation, hardware of the virtual network switch traverses the timer rings for the timer bucket which time has expired, identifies timer entries in the expired timer bucket, interrupts CPU or provides a notification to the agent with necessary contextual information.

Abstract: A new approach is proposed that contemplates systems and methods to support elastic (extensible/flexible) storage access in real time by mapping a plurality of remote storage devices that are accessible over a network fabric as logical namespace(s) via a logical storage controller using a multitude of access mechanisms and storage network protocols. The logical storage controller exports and presents the remote storage devices to one or more VMs running on a host of the logical storage controller as the logical namespace(s), wherein these remote storage devices appear virtually as one or more logical volumes of a collection of logical blocks in the logical namespace(s) to the VMs. As a result, each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices via the logical namespace(s).

Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, rather than having the SSL operations offloaded to the NIC, which then returns the packets to the host (or the remote client device) before they can be transmitted to the remote client device (or to the host).

Abstract: A new approach is proposed that contemplates systems and methods to virtualize a physical NVMe controller associated with a computing device or host so that every virtual machine running on the host can have its own dedicated virtual NVMe controller. First, a plurality of virtual NVMe controllers are created on a single physical NVMe controller, which is associated with one or more storage devices. Once created, the plurality of virtual NVMe controllers are provided to VMs running on the host in place of the single physical NVMe controller attached to the host, and each of the virtual NVMe controllers organizes the storage units to be accessed by its corresponding VM as a logical volume. As a result, each of the VMs running on the host has its own namespace(s) and can access its storage devices directly through its own virtual NVMe controller.

Abstract: A new approach is proposed that contemplates systems and methods to support performing a live update or upgrade of a firmware of an embedded networking device to a successful completion without resetting the embedded networking device. For the live update or upgrade to the firmware of the embedded networking device, a new version of the firmware that includes new features/enhancements to improve the product functionality or fix bugs encountered in previous versions of the firmware is installed seamlessly on the embedded networking device to replace the current version of the firmware on one or more cores at a time. During the live firmware updating or upgrading process, various software applications running on other cores of the embedded networking device continue to perform packet processing operations without any interruption. The live firmware update process continues until all cores of the embedded networking device are updated with the newly updated/upgraded firmware.

Abstract: A new approach is proposed virtual machines (VMs) accessing remote storage devices over a network via non-volatile memory express (NVMe) controllers to migrate live from a current host to a destination host. A first virtual NVMe controller running on a first physical NVMe controller enables a first VM running on the current host to perform storage operations to logical volumes mapped to the remote storage devices over the network as if they were local storage volumes. During VM migration, the current host puts the first virtual NVMe controller into quiesce state and saves an image of its states. A second virtual NVMe controller is created on a second physical NVMe controller using the saved image, which is configured to serve a second VM on the destination host. The second virtual NVMe controller resumes the storage operations to the remote storage devices without being interrupted by the VM migration.

Abstract: A new approach is proposed that contemplates systems and methods to support elastic (extensible/flexible) storage access in real time by mapping a plurality of remote storage devices that are accessible over a network fabric as logical namespace(s) via a logic storage controller using a multitude of access mechanisms and storage network protocols. The logical storage controller exports and presents the remote storage devices to one or more VMs running on a host of the logical storage controller as the logical namespace(s), wherein these remote storage devices appear virtually as one or more logical volumes of a collection of logical blocks in the logical namespace(s) to the VMs. As a result, each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices via the logical namespace(s).

Abstract: A new approach is proposed that contemplates systems and methods to support hardware-based Quality of Service (QoS) operations, which offloads metering functionalities under OpenFlow protocol to a programmable hardware unit/block/component. The hardware unit supports several hardware implemented ports and each port supports multiple configurable queues for the packet flows through a network switch/chip/system. Specifically, the hardware unit includes a plurality of descriptor queues (DQs) configured to accept requests to send a plurality of packets from one or more CPU cores, and a plurality of condition and schedule modules configured to meter, schedule, and condition the packets through a hierarchy of scheduling queues under one or more metering constraints.

Abstract: A new approach is proposed to support a virtual network switch, which is a software implementation of a network switch utilizing hardware to accelerate implementation of timers of the virtual network switch under OpenFlow protocol. The approach utilizes a plurality of hardware-implemented timer blocks/rings, wherein each of the rings covers a specified time period and has a plurality of timer buckets each corresponding to an interval of expiration time of timers. When a new flow table entry is programmed at an OpenFlow agent of the virtual network switch, its associated timer entries are created and inserted into the corresponding timer bucket based on the expiration time of the timers. During operation, hardware of the virtual network switch traverses the timer rings for the timer bucket which time has expired, identifies timer entries in the expired timer bucket, interrupts CPU or provides a notification to the agent with necessary contextual information.

Abstract: A new approach is proposed that contemplates systems and methods to support extensible/flexible storage access in real time by virtualizing a plurality of remote storage devices as NVMe namespace(s) via an NVMe controller using a storage network protocol. The NVMe controller exports and presents the remote storage devices to one or more VMs running on a host attached to the NVMe controller as the NVMe namespace(s), wherein these remote storage devices appear virtually as one or more logical volumes of a collection of logical blocks in the NVMe namespace(s) to the VMs. As a result, each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices via the NVMe namespace(s).

Abstract: A new approach is proposed that contemplates systems and methods to support mapping/importing remote storage devices as NVMe namespace(s) via an NVMe controller using a storage network protocol and utilizing one or more storage devices locally coupled to the NVMe controller as caches for fast access to the mapped remote storage devices. The NVMe controller exports and presents the NVMe namespace(s) of the remote storage devices to one or more VMs running on a host attached to the NVMe controller. Each of the VMs running on the host can then perform read/write operations on the logical volumes. During a write operation, data to be written to the remote storage devices by the VMs is stored in the locally coupled storage devices first before being transmitted over the network. The locally coupled storage devices may also cache data intelligently pre-fetched from the remote storage devices based on reading patterns and/or pre-configured policies of the VMs in anticipation of read operations.

Abstract: A new approach is proposed that contemplates systems and methods to support extensible/flexible storage access in real time by virtualizing a plurality of remote storage devices as NVMe namespace(s) via an NVMe controller using a storage network protocol. The NVMe controller exports and presents the remote storage devices to one or more VMs running on a host attached to the NVMe controller as the NVMe namespace(s), wherein these remote storage devices appear virtually as one or more logical volumes of a collection of logical blocks in the NVMe namespace(s) to the VMs. As a result, each of the VMs running on the host can access these remote storage devices to perform read/write operations as if they were local storage devices via the NVMe namespace(s).