Storage access authentication mechanism
Granted: October 14, 2014
Patent Number:
8862899
In embodiments according to the present invention an encryption switch is used to authorize access to LUNs from client VMs present in the cloud provider network. The encryption switch includes responder side software for an authentication protocol and an agent in the client VM includes the requestor side of the authentication protocol. The certificate of the client is securely provided to the encryption switch, which associates the client VM with the LUN. The client private key is…
Host-level policies for global server load balancing
Granted: October 14, 2014
Patent Number:
8862740
In a network, a user can configure host-level policies usable for load balancing traffic to servers of a domain. A global server load balancing (GSLB) switch provides load balancing to the servers, and is configured with the GSLB host-level policies. Users can define a host-level policy (alternatively or additionally to a globally applied GSLB policy) and apply the host-level policy to hosts in domains configured on the GSLB switch. Thus, the user can enable different policies for…
Public cloud data at rest security
Granted: October 7, 2014
Patent Number:
8856548
An encryption switch which is used in a cloud environment to secure data on the LUNs used by the clients. A client provides a certificate to the cloud service. The encryption switch develops a cloud crypto domain (CCD) as a secure area, with the data at rest on the LUNs encrypted. The encryption switch develops a master key for client use in the CCD, which is provided to the client encrypted by the client's public key. Data encryption keys (DEKs) are created for each LUN and provided to…
Multi-processor architecture using multiple switch fabrics implementing point-to-point serial links and method of operating same
Granted: October 7, 2014
Patent Number:
8856421
A multi-processor architecture for a network device that includes a plurality of barrel cards, each including: a plurality of processors, a PCIe switch coupled to each of the plurality of processors, and packet processing logic coupled to the PCIe switch. The PCIe switch on each barrel card provides high speed flexible data paths for the transmission of incoming/outgoing packets to/from the processors on the barrel card. An external PCIe switch is commonly coupled to the PCIe switches on…
High availability and multipathing for fibre channel over ethernet
Granted: September 30, 2014
Patent Number:
8848575
A physical Fiber Channel over Ethernet (FCoE) switch defines a multipath virtual FCoE switch to provide uninterrupted storage access between N_PORTs of an FCoE host and a Fiber Channel (FC) storage target, for example, in response to an F_PORT failure. Through the multipath virtual FCoE switch, the fabric is configured with multiple physical paths available between the FCoE hosts and FC targets. The multipath virtual FCoE switch is defined between or among multiple physical FCoE switches…
Ingress rate limiting
Granted: September 23, 2014
Patent Number:
8842536
A network device monitors the traffic of individual flows through one of its ingress ports and, if the traffic volume exceeds a predetermined threshold, signals for a reduction in data traffic volume transmitted to that ingress port from one or more source devices. Example signals may include without limitation a unicast congestion message sent to the source of a flow, an Explicit Congestion Notification to one or more source devices, and the dropping of packets by the receiving device.…
Method for bridging multiple network views
Granted: September 16, 2014
Patent Number:
8839113
Embodiments which utilize a topology view GUI with elements in each of storage and general network views which indicate the connection to the alternate network via an icon. Properly selecting the icon causes the topology view of the other network to appear. This method allows the connections between the networks to be readily viewed without cluttering either topology and allows quick context changes to occur at the same point.
Virtual and logical inter-switch links
Granted: September 9, 2014
Patent Number:
8831013
A Layer 2 network switch is partitionable into a plurality of switch fabrics. The single-chassis switch is partitionable into a plurality of logical switches, each associated with one of the virtual fabrics. The logical switches behave as complete and self-contained switches. A logical switch fabric can span multiple single-chassis switch chassis. Logical switches are connected by inter-switch links that can be either dedicated single-chassis links or logical links. An extended…
Source-based congestion detection and control
Granted: September 2, 2014
Patent Number:
8824294
Congestion control techniques based upon resource utilization information stored by a network device. According to an embodiment of the present invention, a network device is configured to identify a data source causing congestion based upon information stored by the network device identifying a set of data sources, and for each data source, information identifying the amount of a resource of the network device being used for processing data received by the network device from the data…
Selective network merging
Granted: August 26, 2014
Patent Number:
8817804
Subsets of isolated communications networks are selectively merged without merging the entire isolated communications networks, and devices are imported across isolated communications networks without merging the isolated communications networks. The presently disclosed technology provides for improved scalability, performance, and security in logical networks spanning two or more physical communications networks.
Batching and compression for IP transmission
Granted: August 19, 2014
Patent Number:
8811429
A storage router and related method are presented for combining multiple host frames, such as Fiber Channel frames, together into a single datagram for tunneling transmission over an IP or similar network. The storage router operates by storing incoming host frames in a host frame buffer. When there is sufficient data in the buffer, multiple host frames are batched together, compressed, and converted into an IP datagram. The number of host frames to be batched together can be established…
HBA boot using network stored information
Granted: August 12, 2014
Patent Number:
8805969
A storage area network (SAN) fabric stores configuration information for servers connected to the SAN fabric. Configuration data can include target boot device address, topology configuration, etc. The configuration data is stored in a zone database as a zone member list. The zone database is accessible via a name server. To boot from a target boot device connected to the SAN fabric, the server first logs in to the fabric to register with the name server. The server then sends a…
Diagnostic port for inter-switch link testing in electrical, optical and remote loopback modes
Granted: August 5, 2014
Patent Number:
8798456
A diagnostic testing utility is used to perform single link diagnostics tests including an electrical loopback test, an optical loopback test, a link traffic test, and a link distance measurement test. To perform the diagnostic tests, two ports at each end of a link are identified and then statically configured by a user. The ports will be configured as D_Ports and as such will be isolated from the fabric with no data traffic flowing through them. The ports will then be used to send test…
Apparatus and method for routing traffic in multi-link switch
Granted: August 5, 2014
Patent Number:
8798043
A method of routing traffic in a switch includes forming an optimized routing table specifying for each switch ingress port an exit port to be utilized to reach a specified destination domain. The optimized routing table is formed in accordance with load distribution, oversubscription, and fragmentation criteria. The optimized routing table is distributed to a set of ingress ports of the switch. Traffic is processed at the set of ingress ports in accordance with the optimized routing…
Network packet latency measurement
Granted: July 29, 2014
Patent Number:
8792366
A solution for network packet latency measurement includes, at a network device having a memory, storing a first time value indicating when an ingress port of the network device received a packet. The solution also includes storing a second time value indicating when an egress port of the network device received the packet for transmission towards another network device. The solution also includes storing a difference between the first time value and the second time value.
Manageability tools for lossless networks
Granted: July 29, 2014
Patent Number:
8792354
Manageability tools are provided for allowing an administrator to have better control over switches in a lossless network of switches. These tools provide the ability to detect slow drain and congestion bottlenecks, detect stuck virtual channels and loss of credits, configure hold times on edge switches to be different from hold times on core switches, and mitigate severe latency bottlenecks.
Data migration without interrupting host access
Granted: July 22, 2014
Patent Number:
8788878
A system includes a source storage device, a target storage device, a host coupled to the source storage device and the target storage device, and a first migration device coupled to the source storage device and the target storage device. The first migration device includes a first virtual storage device. The first migration device is configured to migrate data from the source storage device to the target storage device, and the first virtual storage device is configured to receive…
Disaster recovery
Granted: July 22, 2014
Patent Number:
8788455
File system disaster recovery techniques provide automated monitoring, failure detection and multi-step failover from a primary designated target to one of a designated group of secondary designated targets. Secondary designated targets may be prioritized so that failover occurs in a prescribed sequence. Replication of information between the primary designated target and the secondary designated targets allows failover in a manner that maximizes continuity of operation. In addition,…
Blade and air deflector in a plenum
Granted: July 15, 2014
Patent Number:
8780551
A chassis-based processing system includes a first set of processing blades mounted in parallel within a card cage and attached to a backplane within a chassis. An air intake plenum allows air to flow into the chassis, and over the first set of processing blades in an optimized manner. A separate processing blade is located in the air intake plenum, and is attached to the backplane. This processing blade may have less restrictive proximity requirements than the first set of processing…
Virtual port world wide names
Granted: July 8, 2014
Patent Number:
8774052
A network switch allows defining a virtual port worldwide name (VPWWN) and associating the VPWWN with an F_port of the network switch, for use by a host bus adaptor (HBA) connecting to the network switch. Both a default and a user VPWWN may be defined, with the user VPWWN typically taking precedence over the default VPWWN. A database of VPWWN associations may be used to ensure uniqueness of the user VPWWN. Where the HBA allows dynamic assignment of WWNs, the VPWWN may be pushed to the…
