METHOD AND APPARATUS FOR COMPRESSION OF DATA ON STORAGE UNITS USING DEVICES INSIDE A STORAGE AREA NETWORK FABRIC

US 20090185678A1
Filed: 03/31/2009
Published: 07/23/2009
Est. Priority Date: 10/31/2002
Status: Active Grant

First Claim

Patent Images

1. A device for use with two fabrics, the device which resides in a first fabric and connected to a second device which resides in a second fabric using a link, and a storage unit which resides in the first fabric, with frames being transmitted over the fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the device comprising:

a first port for coupling to the first fabric;

a second port for connecting to the link;

receive logic coupled to said port to receive a frame addressed from a storage unit to be routed over the link;

mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;

decryption logic coupled to said mathematical operation logic to perform decryption operations on said storage payload and not on said storage header; and

transmit logic coupled to said decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over the link.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.

34 Citations

View as Search Results

50 Claims

1. A device for use with two fabrics, the device which resides in a first fabric and connected to a second device which resides in a second fabric using a link, and a storage unit which resides in the first fabric, with frames being transmitted over the fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the device comprising:
- a first port for coupling to the first fabric;
  
  a second port for connecting to the link;
  
  receive logic coupled to said port to receive a frame addressed from a storage unit to be routed over the link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  decryption logic coupled to said mathematical operation logic to perform decryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over the link.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The device of claim 1, wherein said mathematical operation is decryption.
  - 3. The device of claim 1, wherein said mathematical operation is decompression.
  - 4. The device of claim 1, wherein said mathematical operation is decryption and decompression.
  - 5. The device of claim 1, wherein there is a third device which resides in the first fabric, the third device connectable to the device using a second link, the device further comprising:
    - a third port for connecting to the second link; and
      
      second transmit logic coupled to said decryption logic and said third port for providing said mathematically operated and at least partially decrypted frame to said third port for transmission over the second link;
      
      wherein said decryption logic selects said transmit logic or said second transmit logic.

6. A device for use with two fabrics, the device which resides in a first fabric and being connected to a second device which resides in a second fabric using a link, and a storage unit which resides in the first fabric, with frames being transmitted over the fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the device comprising:
- a first port for coupling to the first fabric;
  
  a second port for connecting to the link;
  
  receive logic coupled to said second port to receive a frame addressed to a storage unit over the link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said encryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The device of claim 6, wherein said mathematical operation is decryption.
  - 8. The device of claim 6, wherein said mathematical operation is decompression.
  - 9. The device of claim 6, wherein said mathematical operation is decryption and decompression.
  - 10. The device of claim 6, wherein there is a third device which resides in the first fabric, the third device connectable to the device using a second link, the device further comprising:
    - a third port for connecting to the second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over the second link and providing said frame to said mathematical operation logic.

11. A device for use with two fabrics, the device which resides in a first fabric and being connected to a second device which resides in a second fabric using a link, and a storage unit which resides in the first fabric, with frames being transmitted over the fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the device comprising:
- a first port for coupling to the first fabric;
  
  a second port for connecting to the link;
  
  receive logic coupled to said first port to receive a frame addressed from a storage unit to be routed over the link;
  
  receive logic coupled to said second port to receive a frame addressed to the storage unit over the link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption and decryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed to a storage unit, and to perform decryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed from a storage unit;
  
  transmit logic coupled to said encryption and decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over the link for frames received at said first port; and
  
  transmit logic coupled to said encryption and decryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric for frames received at said second port.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The device of claim 11, wherein said mathematical operation is decryption.
  - 13. The device of claim 11, wherein said mathematical operation is decompression.
  - 14. The device of claim 11, wherein said mathematical operations are decryption and decompression.
  - 15. The device of claim 11, wherein there is a third device which resides in the first fabric, the third device connectable to the device using a second link, the device further comprising:
    - a third port for connecting to the second link;
      
      second transmit logic coupled to said encryption and decryption logic and said third port for providing said mathematically operated, and at least partially encrypted or at least partially decrypted frame to said third port for transmission over the second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over the second link and providing said frame to said mathematical operation logic;
      
      wherein said encryption and decryption logic selects said first transmit logic or said second transmit logic for frames received by said first port; and
      
      wherein said first port providing transmit logic further provides said mathematically operated, and at least partially encrypted or at least partially decrypted frame to said first port for frames received at said third port.

16. Two fabrics with frames being transmitted over the two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the two fabrics comprising:
- a device which resides in the first fabric;
  
  a second device which resides in the second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to the first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said port to receive a frame addressed from a storage unit to be routed over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  decryption logic coupled to said mathematical operation logic to perform decryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over said link.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The two fabrics of claim 16, wherein said mathematical operation is decryption.
  - 18. The two fabrics of claim 16, wherein said mathematical operation is decompression.
  - 19. The two fabrics of claim 16, wherein said mathematical operation is decryption and decompression.
  - 20. The two fabrics of claim 16, wherein there is a third device which resides in the first fabric, the third device connectable to said device using a second link, said device further including:
    - a third port for connecting to the second link; and
      
      second transmit logic coupled to said decryption logic and said third port for providing said mathematically operated and at least partially decrypted frame to said third port for transmission over the second link;
      
      wherein said decryption logic selects said transmit logic or said second transmit logic.

21. Two fabrics with frames being transmitted over the two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the two fabrics comprising:
- a device which resides in the first fabric;
  
  a second device which resides in the second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to the first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said second port to receive a frame addressed to a storage unit over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said encryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The two fabrics of claim 21, wherein said mathematical operation is decryption.
  - 23. The two fabrics of claim 21, wherein said mathematical operation is decompression.
  - 24. The two fabrics of claim 21, wherein said mathematical operation is decryption and decompression.
  - 25. The two fabrics of claim 21, wherein there is a third device which resides in the first fabric, the third device connectable to said device using a second link, said device further including:
    - a third port for connecting to the second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over the second link and providing said frame to said mathematical operation logic.

26. Two fabrics with frames being transmitted over the two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the two fabrics comprising:
- a device which resides in the first fabric;
  
  a second device which resides in the second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to the first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said first port to receive a frame addressed from a storage unit to be routed over said link;
  
  receive logic coupled to said second port to receive a frame addressed to a storage unit over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption and decryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed to a storage unit, and to perform decryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed from a storage unit;
  
  transmit logic coupled to said encryption and decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over said link for frames received at said first port; and
  
  transmit logic coupled to said encryption and decryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric for frames received at said second port.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The two fabrics of claim 26, wherein said mathematical operation is decryption.
  - 28. The two fabrics of claim 26, wherein said mathematical operation is decompression.
  - 29. The two fabrics of claim 26, wherein said mathematical operations are decryption and decompression.
  - 30. The two fabrics of claim 26, wherein there is a third device which resides in the first fabric, the third device connectable to said device using a second link, said device further including:
    - a third port for connecting to the second link;
      
      second transmit logic coupled to said encryption and decryption logic and said third port for providing said mathematically operated, and at least partially encrypted or at least partially decrypted frame to said third port for transmission over the second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over the second link and providing said frame to said mathematical operation logic;
      
      wherein said encryption and decryption logic selects said transmit logic or said second transmit logic for frames received by said first port; and
      
      wherein said first port providing transmit logic further provides said mathematically operated, and at least partially encrypted or at least partially decrypted frame to said first port for frames received at said third port.

31. A network comprising:
- a host;
  
  a storage unit; and
  
  two fabrics with frames being transmitted over said two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, one or both of said two fabrics connecting said host and said storage unit, said two fabrics including;
  
  a device which resides in said first fabric;
  
  a second device which resides in said second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to said first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said port to receive a frame addressed from the storage unit to be routed over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  decryption logic coupled to said mathematical operation logic to perform decryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over said link.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The network of claim 31, wherein said mathematical operation is decryption.
  - 33. The network of claim 31, wherein said mathematical operation is decompression.
  - 34. The network of claim 31, wherein said mathematical operation is decryption and decompression.
  - 35. The network of claim 31, further comprising:
    - a third device which resides in said first fabric, said third device connectable to said device using a second link, said device further including;
      
      a third port for connecting to said second link; and
      
      second transmit logic coupled to said decryption logic and said third port for providing said mathematically operated and at least partially decrypted frame to said third port for transmission over said second link;
      
      wherein said decryption logic selects said transmit logic or said second transmit logic.

36. A network comprising:
- a host;
  
  a storage unit; and
  
  two fabrics with frames being transmitted over said two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, one or both of said two fabrics connecting said host and said storage unit, said two fabrics including;
  
  a device which resides in said first fabric;
  
  a second device which resides in said second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to said first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said second port to receive a frame addressed to a storage unit over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload and not on said storage header; and
  
  transmit logic coupled to said encryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to said fabric.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The network of claim 36, wherein said mathematical operation is decryption.
  - 38. The network of claim 36, wherein said mathematical operation is decompression.
  - 39. The network of claim 36, wherein said mathematical operation is decryption and decompression.
  - 40. The network of claim 36, further comprising:
    - a third device which resides in said first fabric, said third device connectable to said device using a second link, said device further including;
      
      a third port for connecting to said second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over said second link and providing said frame to said mathematical operation logic.

41. A network comprising:
- a host;
  
  a storage unit; and
  
  two fabrics with frames being transmitted over said two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, said two fabrics connecting said host and said storage unit, said two fabrics including;
  
  a device which resides in said first fabric;
  
  a second device which resides in said second fabric; and
  
  a link connecting said device and said second device, wherein said device includes;
  
  a first port for coupling to said first fabric;
  
  a second port for connecting to said link;
  
  receive logic coupled to said first port to receive a frame addressed from a storage unit to be routed over said link;
  
  receive logic coupled to said second port to receive a frame addressed to a storage unit over said link;
  
  mathematical operation logic coupled to said receive logic to perform mathematical operations on the payload of said received frame;
  
  encryption and decryption logic coupled to said mathematical operation logic to perform encryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed to a storage unit, and to perform decryption operations on said storage payload of frame information in said received frame and not on said storage header for frames addressed from a storage unit;
  
  transmit logic coupled to said encryption and decryption logic and said second port to provide said mathematically operated and at least partially decrypted frame to said second port for transmission over said link for frames received at said first port; and
  
  transmit logic coupled to said encryption and decryption logic and said first port to provide said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric for frames received at said second port.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The network of claim 41, wherein said mathematical operation is decryption.
  - 43. The network of claim 41, wherein said mathematical operation is decompression.
  - 44. The network of claim 41, wherein said mathematical operations are decryption and decompression.
  - 45. The network of claim 41, further comprising:
    - a third device which resides in said first fabric, said third device connectable to said device using a second link, said device further including;
      
      a third port for connecting to said second link;
      
      second transmit logic coupled to said encryption and decryption logic and said third port for providing said mathematically operated, and at least partially encrypted or partially decrypted frame to said third port for transmission over said second link; and
      
      receive logic coupled to said third port and said mathematical operation logic for receiving a frame over the second link and providing said frame to said mathematical operation logic;
      
      wherein said encryption and decryption logic selects said transmit logic or said second transmit logic for frames received by said first port; and
      
      wherein said first port providing transmit logic further provides said mathematically operated, and at least partially encrypted or partially decrypted frame to said first port for frames received at said third port.

46. A method of operating a device for use with two fabrics, the device which resides in a first fabric and being connected to a second device in a second fabric using a link, with frames being transmitted over the two fabrics, the frames including a header and a payload, and the payload including a storage header and a storage payload, the device having a first port for coupling to the first fabric and a second port for connecting to the link, the method comprising:
- receiving at the first port a first frame to be routed over the link;
  
  receiving at the second port a second frame over the link;
  
  performing mathematical operations on the payload of said first and second frames;
  
  decrypting the storage payload of the first frame, and not the storage header of the first frame;
  
  encrypting the storage payload of the second frame, and not the storage header of the second frame;
  
  providing said mathematically operated and at least partially decrypted frame to said second port for transmission over the link for frames received at said first port; and
  
  providing said mathematically operated and at least partially encrypted frame to said first port for transmission to the fabric for frames received at said second port.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The method of claim 46, wherein said mathematical operation is decryption.
  - 48. The method of claim 46, wherein said mathematical operation is decompression.
  - 49. The method of claim 46, wherein said mathematical operations are decryption and decompression.
  - 50. The method of claim 46, wherein there is a third device which resides in the first fabric, the third device connectable to the device using a second link, the device having a third port for connecting to the second link, the method further comprising:
    - providing said mathematically operated and at least partially decrypted frame to said third port for transmission over the second link; and
      
      receiving a frame over the second link and providing said frame to said mathematical operations means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Isip, L. Vincent M., Walter, Richard A.

Granted Patent

US 8,041,941 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/0485 Networking architectures fo...

METHOD AND APPARATUS FOR COMPRESSION OF DATA ON STORAGE UNITS USING DEVICES INSIDE A STORAGE AREA NETWORK FABRIC

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

50 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND APPARATUS FOR COMPRESSION OF DATA ON STORAGE UNITS USING DEVICES INSIDE A STORAGE AREA NETWORK FABRIC

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

50 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others