Network interface decryption and classification technique
Abstract
Encrypted data packets are received by a network interface card. The network interface card, upon determining that the received data packets are encrypted, directs the encrypted data packets to decryption hardware in the network interface card. The decryption hardware decrypts the encrypted data packets and forwards the decrypted data packets to a hardware classifier that classifies the decrypted data packets and directs the classified decrypted data packets to the appropriate receive resource(s) of the network interface card.
15 Claims
1. A system, comprising:
- a physical network interface card, operatively connected to a network, comprising a plurality of receive rings, and configured to:
  - receive at least one packet from the network,
  - determine whether the at least one packet is encrypted, and
  - upon determining that the at least one packet is encrypted,
    - decrypt the at least one packet to obtain at least one decrypted packet,
    - classify the at least one decrypted packet to obtain at least one classified packet, and
    - direct the at least one classified data packet to at least one of the plurality of receive rings; and
- a host system, operatively connected to the physical network interface card, comprising a plurality of virtual serialization queues and a plurality of virtual network interface cards operatively connected to the plurality of virtual serialization queues,
  - wherein each of the plurality of virtual network interface cards is associated with a distinct internet protocol (IP) address,
  - wherein each of the plurality of virtual network interface cards is associated with at least one of the plurality of receive rings, and
  - wherein each of the plurality of virtual serialization queues is arranged to receive data packets from at least one of the plurality of receive rings.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of processing network traffic, comprising:
- receiving a data packet from a network;
- determining whether the received data packet is encrypted; and
- upon determining that the received data packet is encrypted,
  - decrypting the received data packet in hardware of a physical network interface card,
  - classifying the decrypted data packet,
  - directing the decrypted data packet to one of a plurality of receive rings of the physical network interface card based on the classifying,
  - directing the decrypted data packet in the one of a plurality of receive rings to one of a plurality of virtual network interface cards included in a host system, and
  - directing the decrypted data packet in the one of the plurality of virtual network interface cards to one of a plurality of virtual serialization queues included in the host system,
- wherein each of the plurality of virtual network interface cards is associated with a distinct internet protocol (IP) address,
- wherein each of the plurality of virtual network interface cards is associated with at least one of the plurality of receive rings, and
- wherein each of the plurality of virtual network interface cards is associated with a respective one of the virtual serialization queues.
Dependent claims: 10, 11, 12, 13.
14. A computer readable storage medium having software instructions embodied therein, the software instructions adapted to be executed to implement a method of processing network traffic, the method comprising:
- receiving a data packet from a network;
- determining whether the received data packet is encrypted; and
- upon determining that the received data packet is encrypted,
  - decrypting the received data packet in hardware of a physical network interface card,
  - classifying the decrypted data packet,
  - directing the decrypted data packet to one of a plurality of receive rings of the physical network interface card based on the classifying,
  - directing the decrypted data packet in the one of a plurality of receive rings to one of a plurality of virtual network interface cards included in a host system, and
  - directing the decrypted data packet in the one of the plurality of virtual network interface cards to one of a plurality of virtual serialization queues included in the host system,
- wherein each of the plurality of virtual network interface cards is associated with a distinct internet protocol (IP) address,
- wherein each of the plurality of virtual network interface cards is associated with at least one of the plurality of receive rings, and
- wherein each of the plurality of virtual network interface cards is associated with a respective one of the virtual serialization queues.
Dependent claims: 15.
Specification