Patents by Inventor Nicolas G. Droux
Nicolas G. Droux has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20100122346
Abstract: A method for controlling a denial of service attack involves receiving a plurality of packets from a network, identifying an attacking host based on a severity level of the denial of service attack from the network, wherein the attacking host is identified by an identifying attack characteristic associated with one of the plurality of packets associated with the attacking host, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packet is forwarded, forwarding each of the plurality of packets associated with the identifying attack characteristic to one of the plurality of temporary data structures matching the severity level of the denial of service attack as determined by the classifier, requesting a number of packets from the one of the plurality of temporary data structures matching the severity level by the virtual serialization queue, and forwarding the number of packets to the virtual serialization queue.
Type: Application
Filed: November 3, 2009
Publication date: May 13, 2010
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Sunay Tripathi, Nicolas G. Droux, Yuzo Watanabe
-
Patent number: 7716730
Abstract: A method for offloading a secure protocol connection, involving establishing the secure protocol connection between a host system and a remote peer, offloading the secure protocol connection to a network interface card (NIC) to obtain an offloaded secure protocol connection, determining whether a packet is associated with the offloaded secure protocol connection, and if the packet is associated with the offloaded secure protocol connection, identifying the offloaded secure protocol connection, performing cryptographic operations on the packet using at least one secret key to obtain a processed packet, and returning a status of the processed packet to the host system.
Type: Grant
Filed: June 24, 2005
Date of Patent: May 11, 2010
Assignee: Oracle America, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Thirumalai Srinivasan
-
Patent number: 7715416
Abstract: A method for processing packets. The method includes receiving a first packet, wherein the first packet is associated with a first protocol, classifying the first packet using a protocol associated with the first packet, sending the first packet to a first receive ring based on the classification, sending the first packet from the first receive ring to a first virtual network interface card (VNIC) based on an operating mode, sending the first packet from the first VNIC to a first protocol specific virtual network stack (VNS), wherein the first protocol specific VNS is configured to only process packets associated with the first protocol, and processing the first packet by the first protocol specific VNS to obtain a first processed packet.
Type: Grant
Filed: June 30, 2006
Date of Patent: May 11, 2010
Assignee: The Open Computing Trust 1
Inventors: Thirumalai Srinivasan, Sunay Tripathi, Nicolas G. Droux
-
Patent number: 7697434
Abstract: A method for controlling resource utilization of a container that includes associating the container with a virtual network stack, receiving a plurality of packets from a network, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packet is forwarded, forwarding each of the plurality of packets to one of the plurality of temporary data structures as determined by the classifier, requesting at least one packet for the one of the plurality of temporary data structures by the virtual network stack, wherein the virtual network stack is associated with the one of the plurality of temporary data structures, and forwarding the at least one packet to the virtual network stack.
Type: Grant
Filed: April 22, 2005
Date of Patent: April 13, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Nicolas G. Droux
-
Patent number: 7684423
Abstract: A system including a network interface card (NIC) associated with a Media Access Control (MAC) address and a host operatively connected to the NIC. The NIC includes a default hardware receive ring (HRR), a plurality of non-default HRRs, and a hardware classifier. The hardware classifier is configured to analyze an inbound packet using a destination Internet Protocol (IP) address and to send the inbound packet to one of the plurality of non-default HRRs if the inbound packet is a unicast packet, and to send the packet to the default HRR if the inbound packet is an inbound multi-recipient packet. The host includes a plurality of virtual NICs (VNICs) and an inbound software classifier, that includes a plurality of software receive rings (SRRs) and is configured to obtain inbound packets from the default HRR, and to determine to which of the plurality of SRRs to send a copy of the packet.
Type: Grant
Filed: June 30, 2006
Date of Patent: March 23, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Nicolas G. Droux, Kais Belgaied
-
Patent number: 7675920
Abstract: A system that includes a network interface for receiving a packets from a network, a classifier operatively connected to the network interface that analyzes each of the packets and determines to which temporary data structure to forward each of packets, wherein the classifier analyzes each packet to determine with which of a plurality of protocols the packet is associated with. Each temporary data structure within the system is configured to receive packets from the classifier, wherein each of the temporary data structures is associated with at least one virtual serialization queue and wherein each of the temporary data structures is configured to store packets associated with at least one of the plurality of protocols. The at least one virtual serialization queue is configured to queue packets from the one of the temporary data structures associated with the at least one virtual serialization queue.
Type: Grant
Filed: April 22, 2005
Date of Patent: March 9, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Eric T. Cheng
-
Patent number: 7672299
Abstract: A method for virtualizing a network interface card includes creating a first plurality of virtual NICs, assigning each of a plurality of receive rings on the network interface card (NIC) to one of the first plurality of virtual NICs, and if the number of virtual NICs is greater than the number of receive rings on the NIC, creating a first software ring corresponding to one of the plurality of receive rings on the NIC, creating a first plurality of software receive rings associated with the first software ring, creating a second plurality of virtual NICs, and assigning each of the first plurality of software receive rings to one of the second plurality of virtual NICs, wherein the plurality of receive rings is less than a sum of the first plurality of virtual NICs and the second plurality of virtual NICs.
Type: Grant
Filed: June 30, 2006
Date of Patent: March 2, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Kais Belgaied
-
Patent number: 7672239
Abstract: Techniques, systems, and apparatus for offloading data connections from a kernel onto an associated TNIC are disclosed. Generally, embodiments of the invention are configured to send message packets of a connection to an endpoint at substantially the same time as an associated offload set-up process is performed. A method provides a data connection enabling data exchange between two TCP endpoints. After a determination is made that the connection is suitable for offloading, the kernel sends connection state information and a request that the connection be offloaded to a TNIC. Prior to completion of offload set up, an initial transmission of connection data is sent to an associated TCP endpoint. These principles can be implemented as software operating on a computer system, as a computer system module, as a computer program product and as a series of related devices and products.
Type: Grant
Filed: July 1, 2004
Date of Patent: March 2, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Hsiao-Keng J. Chu, Nicolas G. Droux
-
Publication number: 20100040063
Abstract: A method for processing packets. The method includes receiving a first packet, wherein the first packet is associated with a first protocol, classifying the first packet using a protocol associated with the first packet, sending the first packet to a first receive ring based on the classification, sending the first packet from the first receive ring to a first virtual network interface card (VNIC) based on an operating mode, sending the first packet from the first VNIC to a first protocol specific virtual network stack (VNS), wherein the first protocol specific VNS is configured to only process packets associated with the first protocol, and processing the first packet by the first protocol specific VNS to obtain a first processed packet.
Type: Application
Filed: October 19, 2009
Publication date: February 18, 2010
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Thirumalai Srinivasan, Sunay Tripathi, Nicolas G. Droux
-
Patent number: 7643482
Abstract: A system including a plurality of virtual network interface cards (VNICs); and a Vswitch table associated with a virtual switch, wherein each entry in the Vswitch table is associated with one of the plurality of VNICs, wherein each of the plurality of VNICs is located on the host, and wherein each of the plurality of VNICs is associated with the virtual switch. The first VNIC in the plurality of VNICs is configured to receive a packet associated with a hardware address (HA), determine, using the HA, whether one of the plurality of entries in the Vswitch table is associated with the HA, send the packet to a VNIC associated with HA if one of the plurality of entries in the Vswitch table is associated with the HA, wherein the VNIC is one of the plurality of VNICs.
Type: Grant
Filed: June 30, 2006
Date of Patent: January 5, 2010
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Erik Nordmark
-
Publication number: 20090327392
Abstract: A method for migrating a first virtual machine (VM), that includes transmitting, prior to migration, a first packet between the first VM on a first blade chassis and a second VM on a second blade chassis using a first virtual network interface card (VNIC) and a second VNIC. The method includes migrating the first VM and the first VNIC to the second blade, identifying a subnet of the first VM, identifying a subnet of the second VM, and creating a virtual router to execute on the second blade. The virtual router is associated with a third VNIC and a fourth VNIC. A first network address in the first VNIC's subnet is assigned to the third VNIC. A second network address in the second VNIC's subnet is assigned to the fourth VNIC. The method includes routing a second packet between the first VM and the second VM using the virtual router.
Type: Application
Filed: June 30, 2008
Publication date: December 31, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Sunay Tripathi, Nicolas G. Droux
-
Patent number: 7640591
Abstract: A method for controlling a denial of service attack involves receiving a plurality of packets from a network, identifying an attacking host based on a severity level of the denial of service attack from the network, wherein the attacking host is identified by an identifying attack characteristic associated with one of the plurality of packets associated with the attacking host, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packet is forwarded, forwarding each of the plurality of packets associated with the identifying attack characteristic to one of the plurality of temporary data structures matching the severity level of the denial of service attack as determined by the classifier, requesting a number of packets from the one of the plurality of temporary data structures matching the severity level by the virtual serialization queue, and forwarding the number of packets to the virtual serialization queue.
Type: Grant
Filed: April 22, 2005
Date of Patent: December 29, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Nicolas G. Droux, Yuzo Watanabe
-
Patent number: 7634608
Abstract: A system includes a first and a second network component, and a bridge. The bridge, which resides a Media Access Control (MAC) layer of a host, includes a bridge component, a first virtual network interface card (VNIC) and a second VNIC, wherein the first VNIC is associated with the first network component and the second VNIC is associated with the second network component. Further, the bridge component is configured to send packets received from the first network component to the second network component and to send packets received from the second network component to the first network component.
Type: Grant
Filed: June 30, 2006
Date of Patent: December 15, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Kais Belgaied, Erik Nordmark
-
Patent number: 7631182
Abstract: A method for offloading a secure protocol handshake. The method includes establishing a connection between a host system and a remote peer, and determining whether the secure protocol handshake is offloaded to a network interface card (NIC). When the secure protocol handshake is offloaded to the NIC, an offload request is sent to offload the secure protocol handshake, where the offload request includes a value of at least one cryptographic key. The method further includes performing cryptographic operations associated with the secure protocol handshake using the value of at least one cryptographic key to obtain at least one secret key, and returning a status of the secure protocol handshake to the host system.
Type: Grant
Filed: June 24, 2005
Date of Patent: December 8, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Hsiao-Keng Jerry Chu
-
Patent number: 7630368
Abstract: A method for routing packets includes receiving an outbound packet issued by a first virtual machine, wherein the first virtual machine is located on a host, determining a packet destination associated with the outbound packet, querying a routing table for a routing entry corresponding to the packet destination, wherein the routing table comprises a first routing entry referencing an external host and a second routing entry referencing a second virtual machine, wherein the second virtual machine is located on the host, if the routing entry corresponding to the packet destination is the first routing entry, passing the packet to the external host, and if the routing entry corresponding to the packet destination is the second routing entry, passing the packet to the second virtual machine.
Type: Grant
Filed: June 30, 2006
Date of Patent: December 8, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Erik Nordmark, Nicolas G. Droux
-
Patent number: 7627899
Abstract: A method for isolating legitimate network traffic during a denial of service attack involves receiving a plurality of packets from a network, detecting an attack from the network on a first virtual network stack, wherein the attack on the first virtual network stack comprises at least one from the group consisting of the denial of service attack and an extreme network load, if the attack is detected, forwarding a plurality of packets associated with a subsequent connection to a temporary data structure associated with a second virtual network stack, wherein the second virtual network stack is a lowest priority queue configured at connection setup time, determining whether the subsequent connection is legitimate, and forwarding at least one of the plurality of packets associated with the subsequent connection to a temporary data structure associated with the first virtual network stack if the subsequent connection is legitimate, wherein a higher priority mapping is assigned by a classifier to the subsequent co
Type: Grant
Filed: April 22, 2005
Date of Patent: December 1, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Nicolas G. Droux
-
Patent number: 7623538
Abstract: Incoming/outgoing data packets to/from a network are processed by associated receive/send rings of a network interface. A plurality of counters, disposed in hardware, are each associated with particular receive/send rings. Each of the plurality of counters maintains a count of a number of data packets processed by an associated receive/send ring.
Type: Grant
Filed: April 22, 2005
Date of Patent: November 24, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Nicolas G. Droux, Hsiao-Keng Jerry Chu
-
Patent number: 7616653
Abstract: In general, in one aspect, the invention relates to a network interface card (NIC) aggregation framework, including a plurality of providers each configured to publish at least one port, a MAC client configured to send a packet to the at least one port, and a media access control (MAC) service module configured to map the at least one port to one of the plurality of providers, wherein the MAC service module comprises a client interface configured to interface with the MAC client and a provider interface configured to interface with each of the plurality of providers.
Type: Grant
Filed: September 2, 2004
Date of Patent: November 10, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Nicolas G. Droux, Sunay Tripathi, Paul Durrant
-
Patent number: 7613132
Abstract: A method of controlling bandwidth including receiving and classifying a packet, sending the packet to a hardware receive ring based on a classification of the packet, and sending, in accordance with an operating mode, the packet to a software receive ring, sending the packet from the software receive ring to a virtual network interface card, where the virtual network interface card is associated with a virtual machine, where the operating mode is adjusted to control the bandwidth consumed by the virtual machine.
Type: Grant
Filed: June 30, 2006
Date of Patent: November 3, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Sunay Tripathi, Tim P. Marsland, Nicolas G. Droux
-
Patent number: 7613198
Abstract: A method for dynamically changing a virtual network interface card (VNIC) binding. If the use of a hardware receive ring (HRR) is below the first threshold and the use of the software receive ring (SRR) is above the second threshold, then: binding the first VNIC to the SRR and the second VNIC to the HRR, removing the binding from the first VNIC to the HRR, removing the binding from the second VNIC to the SRR, and reprogramming a hardware classifier to send packets associated with the r VNIC to a second HRR and to send packets associated with the second VNIC to the HRR, reprogramming a software classifier to send packets associated with the first VNIC to the SRR, wherein the software classifier is associated with a soft ring (SR) and the SR is configured to obtain packets from the second HRR.
Type: Grant
Filed: June 30, 2006
Date of Patent: November 3, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Kais Belgaied, Sunay Tripathi, Nicolas G. Droux