System and method for achieving hardware acceleration for asymmetric flow connections

US 10,375,155 B1
Filed: 01/17/2017
Issued: 08/06/2019
Est. Priority Date: 02/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for data packet processing implemented by a network traffic management system operating in a network environment comprising one or more network traffic management devices, one or more server devices, or one or more client devices, wherein at least one of the network traffic management devices includes a software component implemented by a general processing unit and a hardware component configured for packet processing, the method comprising:

receiving at the at least one network traffic management device one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection;

determining, by the at the at least one network traffic management device, when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets;

when the determining indicates that the flow entry does not exist in the flow cache table, the software component performs the following actions;

generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, andprovide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and

when the determining indicates that the flow entry does exist in the flow cache table, the hardware component performs the following actions;

obtain the flow signature information and the transformation information from the flow cache table,transform the one or more data packets using at least one of the flow signature information and the transformation information, andtransmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Performance of connection flow management between a hardware-based network interface and a software module of a network traffic management device is disclosed. A flow connection setup for a flow connection is established between a client device and a server at the network traffic management device. It is then determined if the flow connection is symmetrical or asymmetrical in nature. A flow signature entry and a transformation data entry for the flow connection is generated, by software executed by the network traffic management device, in opposing first and second symmetric or asymmetric flow directions. The flow signature entry and the transformation data entry for the first and second flow directions is sent from the software module to the network interface. The network interface stores and utilizes the flow signature entry and the transformation data entry to perform acceleration on data packets in the first and second flow directions.

1250 Citations

21 Claims

1. A method for data packet processing implemented by a network traffic management system operating in a network environment comprising one or more network traffic management devices, one or more server devices, or one or more client devices, wherein at least one of the network traffic management devices includes a software component implemented by a general processing unit and a hardware component configured for packet processing, the method comprising:
- receiving at the at least one network traffic management device one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection;
  
  determining, by the at the at least one network traffic management device, when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets;
  
  when the determining indicates that the flow entry does not exist in the flow cache table, the software component performs the following actions;
  
  generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, andprovide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and
  
  when the determining indicates that the flow entry does exist in the flow cache table, the hardware component performs the following actions;
  
  obtain the flow signature information and the transformation information from the flow cache table,transform the one or more data packets using at least one of the flow signature information and the transformation information, andtransmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the hardware component is configured to be capable of extracting and using the flow signature entry and the transformation data entry from the snoop header to generate entries in the flow cache table for each of the first and second flow directions.
  - 3. The method of claim 1, wherein the first flow direction comprises a first connection between one of the client devices and the at least one network traffic management device, and the second flow direction comprises a second connection between the at least one network traffic management device and one of the server devices or a third connection between one of the server devices and one of the clients devices.
  - 4. The method of claim 1, wherein at least one of the first or second flow directions is asymmetrical.
  - 5. The method of claim 1, further comprising selecting by the at least one of the network traffic management devices some of the one or more data packets for processing by the hardware component and selecting at least some other data packets for processing by the software component.
  - 6. The method of claim 5, further comprising processing, by the software component, the at least some other data packets selected for processing by the software component rather than the hardware component for transmission through the sub-flow of the connection associated with the at least some other data packets without providing any flow signature and transformation information for the associated sub-flow to the hardware component.
  - 7. The method of claim 1, further comprising removing, by the hardware component, the flow signature information and the transformation information for a particular sub-flow from the flow cache table when either there is a collision with the flow signature information and the transformation information of another sub-flow or the flow signature and transformation information has aged out.

8. A network traffic management device, comprising a hardware component configured for processing packets, one or more processors, and a software component, wherein:
- the hardware component comprises configurable hardware logic configured to;
  
  receive one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection;
  
  determine when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets; and
  
  the software component comprises memory comprising programmed instructions stored thereon and the one or more processors are configured to be capable of executing the stored programmed instructions to, when the determining indicates that the flow entry does not exist in the flow cache table;
  
  generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, andprovide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and
  
  the configurable hardware logic component is further configured to, when the determining indicates that the flow entry does exist in the flow cache table;
  
  obtain the flow signature information and the transformation information from the flow cache table,transform the one or more data packets using at least one of the flow signature information and the transformation information, andtransmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The network traffic management device of claim 8, wherein the hardware component is configured to be capable of extracting and using the flow signature entry and the transformation data entry from the snoop header to generate entries in the flow cache table for each of the first and second flow directions.
  - 10. The network traffic management device of claim 8, wherein the first flow direction comprises a first connection between a client device and the network traffic management device, and the second flow direction comprises a second connection between the network traffic management device and a server device or a third connection between the server device and the clients device.
  - 11. The network traffic management device of claim 8, wherein at least one of the first or second flow directions is asymmetrical.
  - 12. The network traffic management device of claim 8, wherein the one or more processors are configured to be capable of executing the stored programmed instructions to select some of the one or more data packets for processing by the hardware component and select at least some other data packets for processing by the software component.
  - 13. The network traffic management device of claim 12, wherein the one or more processors are configured to be capable of executing the stored programmed instructions to process the at least some other data packets selected for processing by the software component rather than the hardware component for transmission through the sub-flow of the connection associated with the at least some other data packets without providing any flow signature and transformation information for the associated sub-flow to the hardware component.
  - 14. The network traffic management device of claim 8, wherein the configurable hardware logic of the hardware component is further configured to remove the flow signature information and the transformation information for a particular sub-flow from the flow cache table when either there is a collision with the flow signature information and the transformation information of another sub-flow or the flow signature and transformation information has aged out.

15. A non-transitory computer readable medium having stored thereon instructions for processing network packets comprising executable code which when executed by one or more processors, causes the one or more processors to, when a hardware component determines that a flow entry does not exist in a flow cache table:
- generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, andprovide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow, wherein the hardware component comprises configurable hardware logic configured to, when the hardware component determines that the flow entry does exist in the flow cache table;
  
  obtain the flow signature information and the transformation information from the flow cache table,transform the one or more data packets using at least one of the flow signature information and the transformation information, andtransmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, wherein the hardware component is configured to be capable of extracting and using the flow signature entry and the transformation data entry from the snoop header to generate entries in the flow cache table for each of the first and second flow directions.
  - 17. The non-transitory computer readable medium of claim 15, wherein the first flow direction comprises a first connection between a client device and a network traffic management device, and the second flow direction comprises a second connection between the network traffic management device and a server device or a third connection between the server device and the clients device.
  - 18. The non-transitory computer readable medium of claim 15, wherein at least one of the first or second flow directions is asymmetrical.
  - 19. The non-transitory computer readable medium of claim 15, wherein the executable code when executed by the one or more processors further causes the one or more processors to select some of the one or more data packets for processing by the hardware component and select at least some other data packets for processing by the software component.
  - 20. The non-transitory computer readable medium of claim 19, wherein the executable code when executed by the one or more processors further causes the one or more processors to process the at least some other data packets selected for processing by the software component rather than the hardware component for transmission through the sub-flow of the connection associated with the at least some other data packets without providing any flow signature and transformation information for the associated sub-flow to the hardware component.
  - 21. The non-transitory computer readable medium of claim 19, wherein the configurable hardware logic of the hardware component is further configured to remove the flow signature information and the transformation information for a particular sub-flow from the flow cache table when either there is a collision with the flow signature information and the transformation information of another sub-flow or the flow signature and transformation information has aged out.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Cai, Hao, Lu, Qi
Primary Examiner(s)
Keller, Michael A
Assistant Examiner(s)
Lin, Jsing Forng

Application Number

US15/408,354
Time in Patent Office

931 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0896   Bandwidth or capacity manag...

H04L 43/026   using flow identification

H04L 67/01   Protocols

H04L 67/1001   for accessing one among a p...

H04L 67/141   Setup of application sessio...

H04L 67/568   Storing data temporarily at...

H04L 69/22   Parsing or analysis of headers

System and method for achieving hardware acceleration for asymmetric flow connections

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

1250 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for achieving hardware acceleration for asymmetric flow connections

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1250 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links