System and method for data center security enhancements leveraging server SOCs or server fabrics

US 9,749,326 B2
Filed: 11/23/2016
Issued: 08/29/2017
Est. Priority Date: 10/30/2009
Status: Active Grant

First Claim

Patent Images

1. A server system-on-a-chip device comprising:

a management processor configured to transmit one or more frames;

a routing header unit connected to the management processor, wherein the routing header unit is configured to set a management domain bit in a routing header of the one or more frames, and wherein the management domain bit comprises an identifier that indicates a particular network domain for which the routing header unit belongs and indicates access to a management domain; and

a fabric switch connected to the routing header unit and to a plurality of external ports, wherein the fabric switch is configured to perform packet processing based, at least in part, on the management domain bit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data center security system and method are provided that leverage server systems on a chip (SOCs) and/or server fabrics. In more detail, server interconnect fabrics may be leveraged and extended to dramatically improve security within a data center.

Citations

20 Claims

1. A server system-on-a-chip device comprising:
- a management processor configured to transmit one or more frames;
  
  a routing header unit connected to the management processor, wherein the routing header unit is configured to set a management domain bit in a routing header of the one or more frames, and wherein the management domain bit comprises an identifier that indicates a particular network domain for which the routing header unit belongs and indicates access to a management domain; and
  
  a fabric switch connected to the routing header unit and to a plurality of external ports, wherein the fabric switch is configured to perform packet processing based, at least in part, on the management domain bit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, further comprising a media access control (MAC) unit connected to the fabric switch, wherein the MAC unit is configured to only accept frames having the management domain bit.
  - 3. The device of claim 2, wherein the management domain bit further indicates a fabric domain to which the management processor belongs, and wherein the MAC unit is assigned the fabric domain.
  - 4. The device of claim 3, wherein the fabric domain is configured to provide a trusted communication channel between multiple management processors.
  - 5. The device of claim 3, wherein the fabric domain is set to zero.
  - 6. The device of claim 5, further comprising a plurality of application processors and a plurality of MAC units associated with respective application processors, wherein the plurality of MAC units associated with the respective application processors do not have management domain bits set, and wherein the plurality of MAC units associated with the respective application processors have a non-zero fabric domain.
  - 7. The device of claim 5, further comprising another routing header unit associated with an outgoing MAC unit, wherein the other routing header unit is configured to tag and only accept frames having management domain bits that indicate the fabric domain of zero.
  - 8. The device of claim 1, further comprising a plurality of application processors and a plurality of MAC units associated with respective application processors, wherein the plurality of MAC units do not have management domain bits set.
  - 9. The device of claim 1, wherein the routing header unit is configured to prepend routing heads to packets generated by an associated MAC unit, and wherein the routing heads include the management domain identifier associated with the associated MAC unit.
  - 10. The device of claim 1, wherein the fabric switch is further configured to stop a packet that has been assigned a default domain identifier.

11. A method comprising:
- interconnecting a plurality of nodes with a plurality of links to form a server fabric, wherein each of the plurality of nodes includes;
  
  a management processor configured to transmit data packets;
  
  a routing header unit connected to the management processor, wherein the routing header unit is configured to set a management domain bit in a routing header for the data packets, and wherein the management domain bit comprises an identifier that indicates a particular network domain for which the routing header unit belongs and indicates access to a management domain; and
  
  a fabric switch connected to the routing header unit and to a plurality of external ports, wherein the fabric switch is configured to perform packet processing based, at least in part, on the management domain bit;
  
  generating data packets at a media access control (MAC) unit associated with the management processor; and
  
  routing, by the fabric switch, the data packets in the server fabric based, at least in part, on the management domain identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein said routing the data packets comprises routing the data packets to another MAC unit, and wherein the other MAC unit is configured to only accept data packets having a header with the management domain bit.
  - 13. The method of claim 12, wherein the management domain bit further indicates a fabric domain to which the management processor belongs, and wherein the MAC unit is assigned the fabric domain.
  - 14. The method of claim 13, wherein the fabric domain is set to zero.
  - 15. The method of claim 14, further comprising tagging and only accepting, by another routing header unit, frames having management domain bits that indicate the fabric domain of zero.
  - 16. The method of claim 11, further comprising prepending, by the routing header unit, routing heads to the data packets, wherein the routing heads include the management domain identifier associated with the MAC unit.
  - 17. The method of claim 11, further comprising stopping, by the fabric switch, a packet that has been assigned a default domain identifier.

18. A system comprising:
- a plurality of nodes, wherein each node in the plurality of nodes includes;
  
  a management processor configured to transmit one or more frames;
  
  a routing header unit connected to the management processor, wherein the routing header unit is configured to set a management domain bit in a routing header of the one or more frames, and wherein the management domain bit comprises an identifier that indicates a particular network domain for which the routing header unit belongs and indicates access to a management domain; and
  
  a fabric switch connected to the routing header unit and to a plurality of external ports, wherein the fabric switch is configured to perform packet processing based, at least in part, on the management domain bit; and
  
  a plurality of links that interconnect the plurality of nodes to form a server fabric.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein each node further comprises a media access control (MAC) unit connected to the fabric switch, and wherein the MAC unit is configured to only accept frames having the management domain bit.
  - 20. The system of claim 19, wherein the management domain bit further indicates a fabric domain to which the management processor belongs, and wherein the MAC unit is assigned the fabric domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 2, LLC (Intellectual Ventures LLC)
Original Assignee
III Holdings 2, LLC (Intellectual Ventures LLC)
Inventors
Davis, Mark, Borland, David, Hobbs, Jason, Marquette, Danny, Volpe, Thomas, Goss, Ken
Primary Examiner(s)
TOWFIGHI, AFSHAWN M

Application Number

US15/360,668
Publication Number

US 20170078296A1
Time in Patent Office

279 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 45/60   Router architectures

H04L 45/74   Address processing for routing

H04L 49/109   Integrated on microchip, e....

H04L 49/3009   Header conversion, routing ...

H04L 49/351   for local area network [LAN...

H04L 49/356   for storage area networks

H04L 63/10   for controlling access to d...

H04L 63/164   at the network layer

H04L 67/60   Scheduling or organising th...

System and method for data center security enhancements leveraging server SOCs or server fabrics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for data center security enhancements leveraging server SOCs or server fabrics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links