Shared buffers for processing elements on a network device
First Claim
1. A method comprising:
- exchanging a key between an input/output device for a network device and a first processing element operating on the network device, the key including one of a block cipher key or a stream cipher key;
receiving a plurality of data packets, each of the plurality of data packets having a header and a payload at the input/output device, the plurality of data packets having a destination associated with the first processing element;
encrypting each of the payloads using the key;
encrypting each of the plurality of headers together as a group using the key;
sending the encrypted payloads to first shared buffers maintained at least in part in memory for the network device, the memory arranged to be shared with at least a second processing element operating on the network device;
sending the encrypted group of headers to a second buffer maintained at least in part in the memory and assigned to the second processing element, the network device to include a virtual machine manager to establish a pool of buffers that includes the first and second buffers and at least a first virtual machine that includes at least the first processing elements; and
indicating to the first virtual machine that the encrypted payloads have been sent to the first buffer, the first virtual machine to;
obtain the encrypted payloads from the first shared buffers responsive to the indication; and
decrypt the encrypted payloads using the key.
1 Assignment
0 Petitions
Accused Products
Abstract
Examples are disclosed for exchanging a key between an input/output device for network device and a first processing element operating on the network device. Data having a destination associated with the first processing element may be received by the input/output device. The exchanged key may be used to encrypt the received data. The encrypted data may then be sent to a buffer maintained at least in part in a memory for the network device. The memory may be arranged to enable sharing of the buffer with at least a second processing element operating on the network device. Examples are also disclosed for the processing element to receive an indication of the storing of the encrypted data in the buffer. The processing element may then obtain the encrypted data from the buffer and decrypt the data using the exchanged key.
43 Citations
18 Claims
-
1. A method comprising:
-
exchanging a key between an input/output device for a network device and a first processing element operating on the network device, the key including one of a block cipher key or a stream cipher key; receiving a plurality of data packets, each of the plurality of data packets having a header and a payload at the input/output device, the plurality of data packets having a destination associated with the first processing element; encrypting each of the payloads using the key; encrypting each of the plurality of headers together as a group using the key; sending the encrypted payloads to first shared buffers maintained at least in part in memory for the network device, the memory arranged to be shared with at least a second processing element operating on the network device; sending the encrypted group of headers to a second buffer maintained at least in part in the memory and assigned to the second processing element, the network device to include a virtual machine manager to establish a pool of buffers that includes the first and second buffers and at least a first virtual machine that includes at least the first processing elements; and indicating to the first virtual machine that the encrypted payloads have been sent to the first buffer, the first virtual machine to; obtain the encrypted payloads from the first shared buffers responsive to the indication; and
decrypt the encrypted payloads using the key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus maintained at an input/output device for a network device comprising:
a processor circuit; and
a memory unit communicatively coupled to the processor circuit, the memory unit arranged to store instructions for logic operative on the processor circuit, the logic configured to exchange a key with a first processing element operating on the network device, the key including one of a block cipher key or a stream cipher key, the logic also configured to encrypt a payload of each of a plurality of data packets, each of the plurality of data packets also having a header, the plurality of data packets received by the input/output device, the received plurality of data packets having a destination associated with the first processing element, the payloads encrypted using the key, the logic also configured to encrypt each of the plurality of headers together as a group using the key, the logic also configured to cause the encrypted payloads to be sent to first shared buffers maintained at least in part in memory for the network device, the memory arranged to be shared with at least a second processing element operating on the network device and send the encrypted group of headers to a second buffer maintained at least in part in the memory and assigned to the second processing element, the network device to include a virtual machine manager to establish a pool of buffers that includes the first and second buffers and at least a first virtual machine that includes at least the first processing element, the logic also configured to indicate to the first virtual machine that the encrypted payloads have been sent to the first buffer, the first virtual machine to obtain the encrypted payloads from the first shared buffers responsive to the indication and to decrypt the encrypted payloads using the key.- View Dependent Claims (10, 11, 12, 13)
-
14. A method comprising:
-
exchanging a key between an input/output device for a network device and a first processing element operating on the network device, the key including one of a block cipher key or a stream cipher key; receiving, at a first virtual machine, an indication that an encrypted payload of each of a plurality of data packets received by the input/output device and having a destination associated with the first processing element have been encrypted using the key, the indication also to include information to indicate that the encrypted payloads are stored in first shared buffers maintained at least in part in memory for the network device, the memory arranged to be shared with at least a second processing element operating on the network device, the information to also indicate that headers for the plurality of data packets is stored, as an encrypted group of headers, to a second buffer maintained at least in part in the memory and assigned to the second processing element, the first shared buffers and the second buffer included in a pool of buffers established by a virtual machine manager of the network device, at least the first processing elements included in the first virtual machine; obtaining the encrypted payloads from the first shared buffers and the encrypted group of headers from the second buffer responsive to receipt of the indication; and decrypting the encrypted payloads using the key. - View Dependent Claims (15, 16, 17, 18)
-
Specification