Apparatus and method for network traffic classification and policy enforcement

US9705698B1 · US · B1

Patent metadata
Field               Value
Publication number  US-9705698-B1
Application number  US-201615365507-A
Country             US
Kind code           B1
Filing date         Nov 30, 2016
Priority date       Mar 31, 2015
Publication date    Jul 11, 2017
Grant date          Jul 11, 2017


Abstract

Official abstract text for this publication.

A machine has a bus, an input port connected to the bus to receive inbound network traffic, an output port connected to the bus to convey outbound network traffic and a processor complex connected to the bus. The processor complex is configured as a pipeline with individual processor cores assigned individual network traffic processing tasks. The pipeline includes a first set of processor cores to construct network traffic trees characterizing the inbound network traffic and the outbound network traffic. Each network traffic tree characterizes traffic type and traffic rate. A second set of processor cores enforces network traffic policies utilizing the network traffic trees. The network traffic policies apply traffic rate control by traffic type for the inbound network traffic and the outbound network traffic.

First claim

Opening claim text (preview).

The invention claimed is:

1. A machine, comprising: a bus; an input port connected to the bus to receive inbound network traffic; an output port connected to the bus to convey outbound network traffic; and a processor complex connected to the bus, the processor complex configured as a pipeline with individual processor cores assigned individual network traffic processing tasks, the pipeline including: a first set of processor cores to construct a first network traffic tree characterizing the inbound network traffic and a second network traffic tree characterizing the outbound network traffic, where the first and second network traffic trees characterize at least one traffic type and at least one traffic rate, and where the first and second network traffic trees are different from each other with respect to at least one traffic type or at least one traffic rate; and a second set of processor cores to enforce one or more network traffic policies utilizing at least one of the first and second network traffic trees constructed by the first set of processor cores.

2. The machine of claim 1 wherein the first set of processor cores includes a first processor core to process the inbound network traffic and a second processor core to process the outbound network traffic.

3. The machine of claim 1 wherein the second set of processor cores includes a third processor core to enforce traffic rate control on the inbound network traffic and a fourth processor core to enforce traffic rate control on the outbound network traffic.

4. The machine of claim 1 wherein traffic type includes a traffic category and a set of applications corresponding to the traffic category.

5. The machine of claim 1 wherein the traffic type includes at least one of an enterprise location and an enterprise group.

6. The machine of claim 1, wherein the one or more network traffic policies enforce traffic rate control by traffic type on at least one of the inbound network traffic and the outbound network traffic.

7. The machine of claim 1, wherein the one or more network traffic policies enforce at least one of a guaranteed traffic rate, burst rate, and a priority class.

8. The machine of claim 1 further comprising lock-free queues between the first set of processor cores and the second set of processor cores.

9. The machine of claim 8 wherein a lock-free queue is configured to receive input from a single processor core of the first set of processor cores and supply output to a single processor core of the second set of processor cores.

10. The machine of claim 8 further comprising a feedback queue to receive input from a single processor core of the second set of processor cores and supply output to a single processor core of the first set of processor cores.

11. The machine of claim 8 wherein a first processor core of the first set of processor cores allocates a network packet and a second processor core of the second set of processor cores de-allocates the network packet and writes a message to a lock-free queue for consumption by the first processor core.

12. The machine of claim 1 wherein each processor core of the first set of processor cores has a timer wheel.

13. The machine of claim 1 wherein each processor core of the first set of processor cores is configured so that each network connection is assigned to a single thread.

14. The machine of claim 1 wherein each processor core of the second set of processor cores is configured so that network packets belonging to the same partition are assigned to a single thread.

15. A method, comprising: receiving, by an input port connected to a bus, inbound network traffic; conveying, by an output port connected to the bus, outbound network traffic; constructing, by a first set of processor cores, a first network traffic tree characterizing the inbound network traffic and a second network traffic tree characterizing the outbound network traffic, where the first and second network traffic trees characterize at least one traffic type and at least one traffic rate, and where the first and second network traffic trees are different from each other with respect to at least one traffic type or at least one traffic rate; enforcing, by a second set of processor cores, one or more network traffic policies utilizing at least one of the first and second network traffic trees constructed by the first set of processor cores; and wherein a processor complex connected to the bus is configured as a pipeline with individual processor cores assigned individual network traffic processing tasks, the pipeline including the first set of processor cores and the second set of processor cores.

16. The method of claim 15, wherein the first set of processor cores includes a first processor core and a second processor core, and further comprising: processing, by the first processor core, the inbound network traffic; and processing, by the second processor core, the outbound network traffic.

17. The method of claim 15, further comprising implementing lock-free queues between the first set of processor cores and the second set of processor cores.

18. A system, comprising: a bus; an input port connected to the bus to receive inbound network traffic; an output port connected to the bus to convey outbound network traffic; a router connected to at least one of the input port and the output port, where the router is configured to communicate with the internet; a switch connected to at least one of the input port and the output port, where the switch is configured to communicate with a local area network; and a processor complex connected to the bus, the processor complex configured as a pipeline with individual processor cores assigned individual network traffic processing tasks, the pipeline including: a first set of processor cores to construct a first network traffic tree characterizing the inbound network traffic and a second network traffic tree characterizing the outbound network traffic, where the first and second network traffic trees characterize at least one traffic type and at least one traffic rate, and where the first and second network traffic trees are different from each other with respect to at least one traffic type or at least one traffic rate; and a second set of processor cores to enforce one or more network traffic policies utilizing at least one of the first and second network traffic trees constructed by the first set of processor cores.

19. The system of claim 18, wherein the first set of processor cores includes a first processor core to process the inbound network traffic and a second processor core to process the outbound network traffic.

20. The system of claim 18, further comprising lock-free queues between the first set of processor cores and the second set of processor cores.

Assignees

Inventors

Classifications

  • using switching circuits, e.g. switching matrix, connection or expansion network (G06F13/4009 takes precedence) · CPC title

  • Routing tree calculation · CPC title

  • Packet processing; Packet format (adaptation of digital video signals for transport over a specific network H04N21/2381, H04N21/4363, H04N21/4381; packet switches H04L49/00; intermediate storage or scheduling H04L49/90) · CPC title

  • with traffic restrictions for efficiency improvement, e.g. involving subnets or subdomains · CPC title

  • LAN interconnection over a backbone network, e.g. Internet, Frame Relay · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9705698B1 cover?
A machine has a bus, an input port connected to the bus to receive inbound network traffic, an output port connected to the bus to convey outbound network traffic and a processor complex connected to the bus. The processor complex is configured as a pipeline with individual processor cores assigned individual network traffic processing tasks. The pipeline includes a first set of processor cores…

Who is the assignee on this patent?
Symantec Corp

What technology area does this patent fall under?
Primary CPC classification G06F13/4022. Mapped technology areas include Physics.

When was this patent published?
Publication date Jul 11, 2017 (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).