Systems and methods for queue level SSL card mapping to multi-core packet engine

US9378381B2 · US · B2

Patent metadata
Publication number: US-9378381-B2
Application number: US-201414161417-A
Country: US
Kind code: B2
Filing date: Jan 22, 2014
Priority date: Dec 23, 2009
Publication date: Jun 28, 2016
Grant date: Jun 28, 2016

Abstract

The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.

First claim

What is claimed:

1. A method of assigning a plurality of Secure Socket Layer (SSL) cards to a plurality of packet processing engines in a multi-core device, the method comprising: (a) receiving, by a card distribution manager of a multi-core device, identification of a plurality of packet processing engines configured to operate on a respective core of the multi-core device and one or more Secure Socket Layer (SSL) cards of the multi-core device; (b) establishing, by the card distribution manager, a plurality of queues for each of the one or more SSL cards; (c) copying, corresponding to the established plurality of queues, a first user space memory allocation of a first SSL card of the one or more SSL cards, to establish at least a second user space memory allocation; and (d) allocating, by the card distribution manager, the first user space memory allocation and a first queue of the plurality of queues of the first SSL card to a first packet processing engine of the plurality of packet processing engines, and the second user space memory allocation and a second queue of the plurality of queues of the first SSL card to a second packet processing engine of the plurality of packet processing engines.

2. The method of claim 1, wherein (b) comprises identifying a number of hardware queues for each of the one or more SSL cards.

3. The method of claim 1, wherein (d) further comprises assigning the plurality of queues to a selected number of the plurality of packet processing engines in a round-robin manner.

4. The method of claim 1, wherein (d) further comprises mapping kernel memory allocated to one of the one or more SSL cards to user space memory allocated to one of the plurality of packet processing engines.

5. The method of claim 4, further comprising: (e) cloning, by a packet processing engine, a call to the one of the one or more SSL cards; and (f) changing, by the packet processing engine, the call to identify one of the plurality of queues for the one of the one or more SSL cards.

6. The method of claim 5, wherein changing comprises offsetting an address from a queue base address in the call to identify one of the plurality of queues for the one of the one or more SSL cards.

7. The method of claim 1, further comprising monitoring, by a packet processing engine, a status of one of the one or more SSL cards, wherein only one of the plurality of packet processing engines assigned a selected queue monitors the status of the one of the one or more SSL cards.

8. The method of claim 7, further comprising signaling, by the packet processing engine, to other packet processing engines of the plurality of packet processing engines and a handling agent a detected failure of the one of the one or more SSL cards.

9. The method of claim 8, further comprising continuing, by the packet processing engine, SSL operations via another SSL card of the one or more SSL cards.

10. The method of claim 1, further comprising allocating, by the card distribution manager, each queue of the plurality of queues to one of the one or more SSL cards.

11. A system for assigning a plurality of Secure Socket Layer (SSL) cards to a plurality of packet processing engines of a multi-core device, the system comprising: a multi-core device, the multi-core device comprising: a plurality of packet processing engines; one or more Secure Socket Layer (SSL) cards; a card distribution manager configured to receive identification of the plurality of packet processing engines configured to operate on a respective core of the multi-core device and the one or more SSL cards and to establish a plurality of queues for each of the one or more SSL cards; wherein the card distribution manager is configured to copy, corresponding to the established plurality of queues, a first user space memory allocation of a first SSL card of the one or more SSL cards, to establish at least a second user space memory allocation; and wherein the card distribution manager is configured to allocate the first user space memory allocation and a first queue of the plurality of queues of the first SSL card of the one or more SSL cards to a first packet processing engine of the plurality of packet processing engines, and allocate the second user space memory allocation and a second queue of the plurality of queues of the first SSL card to a second packet processing engine of the plurality of packet processing engines.

12. The system of claim 11, wherein the card distribution manager is configured to identify a number of hardware queues for each of the one or more SSL cards.

13. The system of claim 11, wherein the card distribution manager is configured to assign the plurality of queues to a selected number of the plurality of packet processing engines in a round-robin manner.

14. The system of claim 11, wherein the card distribution manager is configured to map kernel memory allocated to one of the one or more SSL cards to user space memory allocated to one of the plurality of packet processing engines.

15. The system of claim 14, wherein a packet processing engine is configured to clone a call to the one of the one or more SSL cards and to change the call to identify one of the plurality of queues for the one of the one or more SSL cards.

16. The system of claim 15, wherein changing comprises offsetting an address from a queue base address in the call to identify one of the plurality of queues for the one of the one or more SSL cards.

17. The system of claim 11, wherein a packet processing engine is further configured to monitor a status of one of the one or more SSL cards and wherein only one of the plurality of packet processing engines assigned a selected queue monitors the status of the one of the one or more SSL cards.

18. The system of claim 17, wherein the packet processing engine is further configured to signal to other packet processing engines of the plurality of packet processing engines and a handling agent a detected failure of the one of the one or more SSL cards.

19. The system of claim 18, wherein the packet processing engine is further configured to continue SSL operations via another SSL card of the one or more SSL cards.

20. The system of claim 11, wherein the card distribution manager is further configured to allocate each queue of the plurality of queues to one of the one or more SSL cards.

Classifications

  • at the transport layer · CPC title

  • G06F21/602 (Primary)

    Providing cryptographic facilities or services · CPC title

  • Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up · CPC title

  • Protocol engines · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/602. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 28, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).