Technologies for high-performance network fabric security
US-2017339106-A1 · Nov 23, 2017 · US
System and method for supporting SMA level handling to ensure subnet integrity in a high performance computing environment
US10148567B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10148567-B2 |
| Application number | US-201715414367-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 24, 2017 |
| Priority date | Jan 27, 2016 |
| Publication date | Dec 4, 2018 |
| Grant date | Dec 4, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods for supporting SMA level handling to ensure subnet integrity in a high performance computing environment. In accordance with an embodiment, in order to ensure subnet integrity, a SMA at an entry port can operate such that all incoming packets are forwarded to an embedded processor (firmware) no matter where the packet is addressed. Each incoming packet can thus be filtered by an embedded processor. If the packet is valid (for example, includes a second receiver flag and is addressed appropriately), the packet can be allowed. However, if some portion of the validation fails, the packet can be dropped before being allowed entry into the subnet, thus ensuring the integrity of the subnet from erroneous and/or dangerous packets.
First claim
Opening claim text (preview).
What is claimed is: 1. A system for supporting SMA level handling to ensure subnet integrity in a high performance computing environment, comprising: one or more microprocessors; a first subnet, the first subnet comprising one or more switches, the one or more switches comprising at least a leaf switch, wherein each of the one or more switches comprise a plurality of switch ports, a plurality of host channel adapters, each host channel adapter comprising at least one host channel adapter port, a plurality of end nodes, wherein each of the end nodes are associated with at least one host channel adapter of the plurality of host channel adapters, and a subnet manager, the subnet manager running on one of the one or more switches and the plurality of host channel adapters; wherein a switch port of the plurality of switch ports on a switch of the one or more switches is configured as a router port; wherein the switch port configured as the router port is logically connected to a virtual router; wherein the switch of the one or more switches that comprises the switch port of the plurality of switch ports configured as a router port comprises a firmware, the firmware running a subnet management agent (SMA); wherein the switch port of the plurality of switch ports configured as a router port receives, from a physical link, a subnet management packet (SMP); and wherein upon the switch port of the plurality of switch ports configured as a router port receiving the subnet management packet from a physical link, the SMA attempts to validate the SMP. 2. The system of claim 1 , wherein the SMP comprises a vendor specific SMP (VSMP); wherein the physical link comprise a first end and a second end; wherein the first end of the physical link attaches to the switch port of the plurality of switch ports configured as a router port; and wherein the second end of the physical link attaches to a second subnet. 3. The system of claim 2 , wherein the second subnet comprises: one or more switches of the second subnet, the one or more switches of the second subnet comprising at least a leaf switch of the second subnet, wherein each of the one or more switches of the second subnet comprise a plurality of switch ports of the second subnet, a plurality of host channel adapters of the second subnet, each host channel adapter of the second subnet comprising at least one host channel adapter port of the second subnet; a plurality of end nodes of the second subnet, wherein each of the end nodes of the second subnet are associated with at least one host channel adapter of the second subnet of the plurality of host channel adapters of the second subnet, and a subnet manager of the second subnet, the subnet manager of the second subnet running on one of the one or more switches of the second subnet and the plurality of host channel adapters of the second subnet; wherein a switch port of the second subnet of the plurality of switch ports of the second subnet on a switch of the another one or more switches of the second subnet is configured as a router port of the second subnet; wherein the switch port of the second subnet configured as the router port of the second subnet is logically connected to a virtual router of the second subnet, the virtual router of the second subnet comprising at least two virtual router ports of the second subnet; and wherein the second end of the physical link attaches to the switch port of the second subnet configured as the router port of the second subnet. 4. The system of claim 3 , wherein the VSMP received at the switch port configured as a router port is a direct routed (DR) VSMP, the DR VSMP comprising path information, the DR path information comprising a number of sequential hops; wherein the DR path information includes one or more hops beyond the switch port configured as a router port. 5. The system of claim 4 , wherein upon receiving the DR VSMP at the switch port configured as a router port, determines that the DR path information includes one or more hops beyond the switch port configured as a router port. 6. The system of claim 5 , wherein upon determining that the DR path information includes one or more hops beyond the switch port configured as a router port, the SMA drops the DR VSMP. 7. The system of claim 6 , wherein upon dropping the DR VSMP, the SMA sends an error message on the physical link to the second subnet; wherein the error message indicates that the DR VSMP extended one or more hops beyond the switch port configured as a router port. 8. A method for supporting SMA level handling to ensure subnet integrity in a high performance computing environment, comprising: providing, at one or more computers, including one or more microprocessors, a first subnet, the first subnet comprising one or more switches, the one or more switches comprising at least a leaf switch, wherein each of the one or more switches comprise a plurality of switch ports, a plurality of host channel adapters, each host channel adapter comprising at least one host channel adapter port, a plurality of end nodes, wherein each of the end nodes are associated with at least one host channel adapter of the plurality of host channel adapters, and a subnet manager, the subnet manager running on one of the one or more switches and the plurality of host channel adapters; configuring a switch port of the plurality of switch ports on a switch of the one or more switches as a router port; logically connecting the switch port configured as the router port to a virtual router; running a subnet management agent on a firmware of the switch of the one or more switches that comprises the switch port of the plurality of switch ports configured as a router port; receiving, at the switch port of the plurality of switch ports configured as a router port, from a physical link, a subnet management packet (SMP); and upon the switch port of the plurality of switch ports configured as a router port receiving the subnet management packet from a physical link, validating, by the SMA, the SMP. 9. The method of claim 8 , further comprising: wherein the SMP comprises a vendor specific SMP (VSMP); wherein the physical link comprise a first end and a second end; attaching the first end of the physical link to the switch port of the plurality of switch ports configured as a router port; and attaching the second end of the physical link to a second subnet. 10. The method of claim 9 , further comprising: providing, at one or more computers, including one or more microprocessors, the second subnet, the second subnet comprising: one or more switches of the second subnet, the one or more switches of the second subnet comprising at least a leaf switch of the second subnet, wherein each of the one or more switches of the second subnet comprise a plurality of switch ports of the second subnet, a plurality of host channel adapters of the second subnet, each host channel adapter of the second subnet comprising at least one host channel adapter port of the second subnet; a plurality of end nodes of the second subnet, wherein each of the end nodes of the second subnet are associated with at least one host channel adapter of the second subnet of the plurality of host channel adapters of the second subnet, and a subnet manager of the second subnet, the subnet manager of the second subnet running on one of the one or more switches of the second subnet and the plurality of host channel adapters of the second subnet; configuring a switch port of the second subnet of the plurality of switch ports of the second subnet on a switch of the another one or more switches of the second subnet as a router port of the
Assignees
Inventors
Classifications
Hypervisor-specific management and integration aspects · CPC title
Parsing or analysis of headers · CPC title
with traffic restrictions for efficiency improvement, e.g. involving subnets or subdomains · CPC title
Route discovery packet · CPC title
of different types · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10148567B2 cover?
- Systems and methods for supporting SMA level handling to ensure subnet integrity in a high performance computing environment. In accordance with an embodiment, in order to ensure subnet integrity, a SMA at an entry port can operate such that all incoming packets are forwarded to an embedded processor (firmware) no matter where the packet is addressed. Each incoming packet can thus be filtered b…
- Who is the assignee on this patent?
- Oracle Int Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L45/74. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 04 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).