Virtualizing the operation of intelligent network interface circuitry

US 7,924,840 B1
Filed: 12/22/2009
Issued: 04/12/2011
Est. Priority Date: 01/12/2006
Status: Active Grant

First Claim

Patent Images

1. A method of operating network interface circuitry, wherein the network interface circuitry is configured to couple a host computer to a network to facilitate communication over the network between the host computer and a peer, the method comprising:

by the network interface circuitry,receiving data from the peer via the network; and

processing the received data, including;

where there is a layer-2 classification rule associated with characteristics of the received data, automatically applying the classification rule to the received data to determine an indication of a control block corresponding to a guest operating system operating within a virtual environment on the host computer;

using the determined indication of the control block to determine, from information in the control block, an indication of a destination queue associated with the host computer and corresponding to the guest operating system; and

demultiplexing the received layer-2 packets according to the determined indications of the destination queues associated with the host computer.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is in the field of virtualization of Network Interface Cards and Controllers (NIC) that connect to for example a host computer that can have multiple functions and OS'"'"'s (referred to as guest functions and guest-OS'"'"'s) running on it simultaneously and, in particular, relates to the virtualization of the operation of a single NIC such that it can be used simultaneously by multiple guests in such a manner that memory references due to the network traffic originating from and destined to a particular guest is kept separate from other network traffic, and that allows the Media Access Controller (MAC) within the NIC to operate such that it only accepts network packets that are destined to one of the guest-functions or guest-OS'"'"'s, and the MAC is not required to operate in promiscuous mode where it accept all incoming packets in order to implement the virtualization features.

163 Citations

22 Claims

1. A method of operating network interface circuitry, wherein the network interface circuitry is configured to couple a host computer to a network to facilitate communication over the network between the host computer and a peer, the method comprising:
- by the network interface circuitry,receiving data from the peer via the network; and
  
  processing the received data, including;
  
  where there is a layer-2 classification rule associated with characteristics of the received data, automatically applying the classification rule to the received data to determine an indication of a control block corresponding to a guest operating system operating within a virtual environment on the host computer;
  
  using the determined indication of the control block to determine, from information in the control block, an indication of a destination queue associated with the host computer and corresponding to the guest operating system; and
  
  demultiplexing the received layer-2 packets according to the determined indications of the destination queues associated with the host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - applying to the received data a layer-3 classification rule associated with characteristics of the received data, thereby filtering ingress packets that have layer-2 characteristics not consistent with the layer-3 characteristics.
  - 3. The method of claim 2, further comprising:
    - applying to the received data a VLAN classification rule associated with characteristics of the received data, thereby filtering ingress packets that have layer-2 characteristics and layer-3 characteristics that are not consistent with the VLAN characteristics.
  - 4. The method of claim 2, further comprising:
    - applying to the received data a layer-4 classification rule associated with characteristics of the received data, thereby filtering ingress packets that have layer-2 and layer-3 characteristics not consistent with the layer-4 characteristics.
  - 5. The method of claim 4, wherein:
    - the layer-4 protocol is TCP and the received data includes a TCP SYN flag.
  - 6. The method of claim 5, wherein:
    - the layer-4 classification rule is associated with at least the local TCP port number in the received data.
  - 7. The method of claim 4, further comprising:
    - applying to the received data a VLAN classification rule associated with characteristics of the received data, thereby filtering ingress packets that have layer-2 characteristics, layer-3 characteristics and layer-4 characteristics that are not consistent with the VLAN characteristics.

8. A method of operating network interface circuitry, wherein the network interface circuitry is configured to couple a host computer, executing a plurality of guest functions, to a network to facilitate communication over the network between the host computer and a peer, the method comprising:
- by the network interface circuitry,receiving data packets from the peer via the network; and
  
  processing the received data packets, including;
  
  for each data packet, processing a classification rule associated with characteristics of the received data packet and automatically applying the classification rule to the received data packet to determine an indication of a control block corresponding to a guest function operating within a virtual environment on the host computer;
  
  using the determined indication of the control block to determine, from the control block, an indication of a behavior to apply to the received data packet; and
  
  applying the determined indicated behavior to the received data packet.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, wherein:
    - the received data packets are network layer packets encapsulating packets at a higher layer than the network layer, andthe method further comprises initially applying, to the received data packets, a classification rule associated with characteristics of the received data at the network layer, thereby filtering received data packets that have higher layer characteristics not consistent with the network layer characteristics, whereby the initially applying precludes a need to determine an indication of a control block for data packets having higher layer characteristics not consistent with the network layer characteristics.
  - 10. The method of claim 9, wherein:
    - the received data packets are network layer packets encapsulating packets at a higher layer than the network layerprocessing the classification rule associated with characteristics of the received data packets and automatically applying the classification rule to the received data packets to determine at least one set of at least one destination queue associated with the host computer includes classifying the packets according to a network layer header and at least one header associated with the higher layer.
  - 11. The method of claim 8, wherein:
    - the received data packets are network layer packets encapsulating packets at a higher layer than the network layer; and
      
      the method further comprises performing protocol processing at the higher layer within the network interface circuitry.
  - 12. The method of claim 8, wherein:
    - applying the determined indicated behavior to the received data packet includes demultiplexing the received data packets according to separate destination queues associated with the host computer includes directly placing at least a portion of a received packet into memory associated with the separate guest function with which the separate destination queue is associated.
  - 13. The method of claim 8, wherein:
    - the host computer is executing a virtual operating system on top of which a plurality of operating system instances are executing, each operating system instance being an instance of a guest-OS having at least one of the guest-functions associated therewith;
      
      at least one of the set of destination queues is associated with the virtual operating system; and
      
      the classification rules are such that broadcast and/or multiplex packets are demultiplexed according to the at least one of the set of destination queues that is associated with the virtual operating system.
  - 14. The method of claim 13, wherein:
    - for at least one of the guest-OS instances, that guest-OS instance is itself a guest-function associated with that guest-OS instance.
  - 15. The method of claim 13, wherein:
    - the classification rules are further such that the demultiplexing operation includes providing an indication of at least a particular one of the plurality of guest-functions.
  - 16. The method of claim 8, wherein:
    - the classification rules are such that broadcast and/or multicast packets are demultiplexed according to the sets of destination queues configured to receive the broadcast and/or multicast packets.
  - 17. The method of claim 16, wherein:
    - the classification rules are such that multicast packets, which cannot be demultiplexed to at least one set of destination queues configured to receive the multicast packets, are filtered.
  - 18. The method of claim 8, further comprising:
    - for at least one of the destination queues, controlling a rate at which the data is provided from that destination queue to the host.

19. A method of operating network interface circuitry, wherein the network interface circuitry is configured to couple a host computer, executing at least one operating system, to a network to facilitate communication over the network between the host computer and at least one peer, the method comprising:
- by the network interface circuitry, receiving data from a plurality of guest functions operating on the host in conjunction with the at least one operating system;
  
  processing the received data and classifying the received data at least based on from which guest function a particular portion of the received data was received; and
  
  transmitting data including the received data out to the network at a nominal rate associated with the class with which the received data has been classified, wherein controlling the nominal rate of transmitting the data out to the network is based on managing transmit modulation event tokens corresponding to the class with which the nominal rate is associated.

20. A method of operating network interface circuitry, wherein the network interface circuitry is configured to couple a host computer, executing a plurality of guest operating system instances, each guest operating system instance having associated with it at least one guest function, to a network to facilitate communication over the network between the host computer and a peer, the method comprising:
- by the network interface circuitry, receiving data from the guest functions;
  
  processing the data and classifying the data at least based on from which guest function a particular portion of the data was received;
  
  transmitting the data out to the network at a nominal rate associated with the class with which the data has been classified, wherein controlling the nominal rate of transmitting the data out to the network is based on managing transmit modulation event tokens corresponding to the class with which the nominal rate is associated.
- View Dependent Claims (21)
- - 21. The method of claim 20, wherein:
    - for at least one of the guest functions, that guest function is a guest operating system instance.

22. A network interface controller configured to couple a host computer to a network to facilitate communication over the network between the host computer and a peer, the network interface controller comprising:
- means for receiving data from the peer via the network; and
  
  means for processing the received data, including;
  
  where there is a layer-2 classification rule associated with characteristics of the received data, automatically applying the classification rule to the received data to determine an indication of a control block corresponding to a guest operating system operating within a virtual environment on the host computer;
  
  means for using the determined indication of the control block to determine, from information in the control block, an indication of a destination queue associated with the host computer and corresponding to the guest operating system; and
  
  means for demultiplexing the received layer-2 packets according to the determined indications of the destination queues associated with the host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chelsio Communications Incorporated
Original Assignee
Chelsio Communications Incorporated
Inventors
Noureddine, Wael, Eiriksson, Asgeir Thor, Michailidis, Dimitrios
Primary Examiner(s)
CHO, HONG SOL

Application Number

US12/645,324
Time in Patent Office

476 Days
Field of Search

370/389, 370/392, 370/400, 370/401, 370/412, 370/469
US Class Current

370/392
CPC Class Codes

H04L 12/18   for broadcast or conference...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4645   Details on frame tagging ro...

H04L 49/901   using storage descriptor, e...

Virtualizing the operation of intelligent network interface circuitry

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

163 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Virtualizing the operation of intelligent network interface circuitry

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links