System and method for achieving hardware acceleration for asymmetric flow connections
First Claim
1. A method for data packet processing implemented by a network traffic management system operating in a network environment comprising one or more network traffic management devices, one or more server devices, or one or more client devices, wherein at least one of the network traffic management devices includes a software component implemented by a general processing unit and a hardware component configured for packet processing, the method comprising:
- receiving at the at least one network traffic management device one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection;
determining, by the at the at least one network traffic management device, when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets;
when the determining indicates that the flow entry does not exist in the flow cache table, the software component performs the following actions;
generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, andprovide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and
when the determining indicates that the flow entry does exist in the flow cache table, the hardware component performs the following actions;
obtain the flow signature information and the transformation information from the flow cache table,transform the one or more data packets using at least one of the flow signature information and the transformation information, andtransmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets.
0 Assignments
0 Petitions
Accused Products
Abstract
Performance of connection flow management between a hardware-based network interface and a software module of a network traffic management device is disclosed. A flow connection setup for a flow connection is established between a client device and a server at the network traffic management device. It is then determined if the flow connection is symmetrical or asymmetrical in nature. A flow signature entry and a transformation data entry for the flow connection is generated, by software executed by the network traffic management device, in opposing first and second symmetric or asymmetric flow directions. The flow signature entry and the transformation data entry for the first and second flow directions is sent from the software module to the network interface. The network interface stores and utilizes the flow signature entry and the transformation data entry to perform acceleration on data packets in the first and second flow directions.
1250 Citations
21 Claims
-
1. A method for data packet processing implemented by a network traffic management system operating in a network environment comprising one or more network traffic management devices, one or more server devices, or one or more client devices, wherein at least one of the network traffic management devices includes a software component implemented by a general processing unit and a hardware component configured for packet processing, the method comprising:
-
receiving at the at least one network traffic management device one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection; determining, by the at the at least one network traffic management device, when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets; when the determining indicates that the flow entry does not exist in the flow cache table, the software component performs the following actions; generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, and provide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and when the determining indicates that the flow entry does exist in the flow cache table, the hardware component performs the following actions; obtain the flow signature information and the transformation information from the flow cache table, transform the one or more data packets using at least one of the flow signature information and the transformation information, and transmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A network traffic management device, comprising a hardware component configured for processing packets, one or more processors, and a software component, wherein:
-
the hardware component comprises configurable hardware logic configured to; receive one or more data packets associated with a sub-flow within a connection containing at least two sub-flows wherein each sub-flow is associated with a direction within the connection; determine when a flow entry exists in a flow cache table of the hardware component for a sub-flow associated with the one or more data packets; and the software component comprises memory comprising programmed instructions stored thereon and the one or more processors are configured to be capable of executing the stored programmed instructions to, when the determining indicates that the flow entry does not exist in the flow cache table; generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, and provide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow; and the configurable hardware logic component is further configured to, when the determining indicates that the flow entry does exist in the flow cache table; obtain the flow signature information and the transformation information from the flow cache table, transform the one or more data packets using at least one of the flow signature information and the transformation information, and transmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium having stored thereon instructions for processing network packets comprising executable code which when executed by one or more processors, causes the one or more processors to, when a hardware component determines that a flow entry does not exist in a flow cache table:
-
generate a snoop header for the one or more data packets that comprises flow signature information comprising a flow signature entry and transformation information comprising a transformation data entry for each of a first flow direction of the sub-flow of the connection and a second flow direction opposite the first flow direction of the sub-flow of the connection, and provide the snoop header comprising the flow signature information and the transformation information to the hardware component for incorporation into the flow cache table for further processing of the one or more data packets associated with the sub-flow, wherein the hardware component comprises configurable hardware logic configured to, when the hardware component determines that the flow entry does exist in the flow cache table; obtain the flow signature information and the transformation information from the flow cache table, transform the one or more data packets using at least one of the flow signature information and the transformation information, and transmit the one or more transformed data packets through the sub-flow of the connection associated with the one or more data packets. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification