Patent application number | Description | Published |
20090119279 | Graph caching - In a method and apparatus for analyzing nodes of a Deterministic Finite Automata (DFA), an accessibility ranking, based on a DFA graph geometrical configuration, may be determined in order to determine cacheable portions of the DFA graph in order to reduce the number of external memory accesses. A walker process may be configured to walk the graph in a graph cache as well as main memory. The graph may be generated in a manner allowing each arc to include information if the node it is pointing to is stored in the graph cache or in main memory. The walker may use this information to determine whether or not to access the next arc in the graph cache or in main memory. | 05-07-2009 |
20090119399 | Intelligent graph walking - An apparatus, and corresponding method, for performing a search for a match of at least one expression in an input stream is presented. A graph including a number of interconnected nodes is generated. A compiler may assign at least one starting node and at least one ending node. The starting node includes a location table with node position information of an ending node and a sub-string value associated with the ending node. Using the node position information and a string comparison function, intermediate nodes located between the starting and ending nodes may be bypassed. The node bypassing may reduce the number of memory accesses required to read the graph. | 05-07-2009 |
20100050177 | Method and apparatus for content based searching - The scheduling of multiple request to be processed by a number of deterministic finite automata-based graph thread engine (DTE) workstations is processed by a novel scheduler. The scheduler may select an entry from an instruction in a content search apparatus. Using attribute information from the selected entry, the scheduler may thereafter analyze a dynamic scheduling table to obtain placement information. The scheduler may determine an assignment of the entry, using the placement information, that may limit cache thrashing and head of line blocking occurrences. Each DTE workstation may including normalization capabilities. Additionally, the content searching apparatus may employ an address memory scheme that may prevent memory bottle neck issues. | 02-25-2010 |
20100114973 | Deterministic Finite Automata Graph Traversal with Nodal Bit Mapping - An apparatus, and corresponding method, for generating a graph used in performing a search for a match of at least one expression in an input stream is presented. The graph includes a number of interconnected nodes connected solely by valid arcs. A valid arc may also include a nodal bit map including structural information of a node to which the valid arc points to. A walker process may utilize the nodal bit map to determine if a memory access is necessary. The nodal bit map reduces the number of external memory access and therefore reduces system run time. | 05-06-2010 |
20100131658 | Multiple core Session Initiation Protocol (SIP) - A Session Initiation Protocol (SIP) proxy server including a multi-core central processing unit (CPU) is presented. The multi-core CPU includes a receiving core dedicated to pre-SIP message processing. The pre-SIP message processing may include message retrieval, header and payload parsing, and Call-ID hashing. The Call-ID hashing is used to determine a post-SIP processing core designated to process messages between particular user pair. The pre-SIP and post-SIP configuration allows for the use of multiple processing cores to utilize a single control plane, thereby providing an accurate topology of the network for each processing core. | 05-27-2010 |
20110016154 | PROFILE-BASED AND DICTIONARY BASED GRAPH CACHING - Methods and apparatuses are disclosed for caching portions of a Deterministic Finite Automata (DFA) graph during a compilation stage prior to a run-time stage that identifies attack traffic based on the graph. Cacheable components are identified based on a traffic profile, a dictionary of keywords, and/or a geometrical configuration of the graph. Techniques are disclosed for performing various types of caching alone or in combination with other types. Caching based on a dictionary or profile exploit a tendency of graph traversals performed during non-attack scenarios to remain near root nodes that correspond to the start of patterns designating blacklist traffic. By caching nodes that are near root nodes and that are visited frequently during peacetime (non-attack) scenarios, significant cache hits may be achieved during run-time execution. Caching graph components while compiling patterns using presently disclosed techniques avoids the need for expensive hardware to learn what and when to cache. | 01-20-2011 |
20110271277 | METHOD AND APPARATUS FOR A VIRTUAL SYSTEM ON CHIP - A virtual system on chip (VSoC) is an implementation of a machine that allows for sharing of underlying physical machine resources between different virtual systems. A method or corresponding apparatus of the present invention relates to a device that includes a plurality of virtual systems on chip and a configuring unit. The configuring unit is arranged to configure resources on the device for the plurality of virtual systems on chip as a function of an identification tag assigned to each virtual system on chip. | 11-03-2011 |
20120143854 | GRAPH CACHING - In a method and apparatus for analyzing nodes of a Deterministic Finite Automata (DFA), an accessibility ranking, based on a DFA graph geometrical configuration, may be determined in order to determine cacheable portions of the DFA graph in order to reduce the number of external memory accesses. A walker process may be configured to walk the graph in a graph cache as well as main memory. The graph may be generated in a manner allowing each arc to include information if the node it is pointing to is stored in the graph cache or in main memory. The walker may use this information to determine whether or not to access the next arc in the graph cache or in main memory. | 06-07-2012 |
20120221497 | Regular Expression Processing Automaton - A method and corresponding apparatus are provided implementing a stage one of run time processing using Deterministic Finite Automata (DFA) and implementing a stage two of run time processing using Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload, such as the payload portion of an Internet Protocol (IP) datagram, or an input stream. | 08-30-2012 |
20120331007 | Anchored Patterns - A method and apparatus relate to recognizing anchored patterns from an input stream. Patterns from a plurality of given patterns are marked as anchored patterns. An anchored state tree for the anchored patterns of the plurality of given patterns is built, including nodes representing a state of the anchored state tree. For each node of the anchored state tree, a failure value equivalent to a node representing a state in an unanchored state tree representing unanchored patterns of the plurality of given patterns is determined. | 12-27-2012 |
20120331554 | Regex Compiler - A method and corresponding apparatus relate to converting a nondeterministic finite automata (NFA) graph for a given set of patterns to a deterministic finite automata (DFA) graph having a number of states. Each of the DFA states is mapped to one or more states of the NFA graph. A hash value of the one or more states of the NFA graph mapped to each DFA state is computed. A DFA states table correlates each of the number of DFA states to the hash value of the one or more states of the NFA graph for the given pattern. | 12-27-2012 |
20130034100 | LOOKUP FRONT END PACKET INPUT PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host. | 02-07-2013 |
20130034106 | LOOKUP CLUSTER COMPLEX - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 02-07-2013 |
20130036083 | System and Method for Storing Lookup Request Rules in Multiple Memories - In one embodiment, a system includes a data navigation unit configured to navigate through a data structure stored in a first memory to a first representation of at least one rule. The system further includes at least one rule processing unit configured to a) receive the at least one rule based on the first representation of the at least one rule from a second memory to one of the rule processing unit, and b) processing a key using the at least one rule. | 02-07-2013 |
20130036102 | INCREMENTAL UPDATE - A system, apparatus, and method are provided for adding, deleting, and modifying rules in one update from the perspective of an active search process for packet classification. While a search processor searches for one or more rules that match keys generated from received packets, there is a need to add, delete, or modify rules. By adding, deleting, and modifying rules in one update from the perspective of an active search process for packet classification, performance and functionality of the active search process may be maintained, thereby preventing packet loss and preserving throughput. | 02-07-2013 |
20130036151 | WORK MIGRATION IN A PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. A work product may be migrated between lookup engines to complete the rule matching process. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 02-07-2013 |
20130036152 | LOOKUP FRONT END PACKET OUTPUT PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host. | 02-07-2013 |
20130036185 | METHOD AND APPARATUS FOR MANAGING TRANSPORT OPERATIONS TO A CLUSTER WITHIN A PROCESSOR - A method and corresponding apparatus of managing transport operations between a first memory cluster and one or more other memory clusters, include receiving, in the first cluster, information related to one or more transport operations with related data buffered in an interface device, the interface device coupling the first cluster to the one or more other clusters, selecting at least one transport operation, from the one or more transport operations, based at least in part on the received information, and executing the selected at least one transport operation. | 02-07-2013 |
20130036274 | ON-CHIP MEMORY (OCM) PHYSICAL BANK PARALLELISM - According to an example embodiment, a processor is provided including an integrated on-chip memory device component. The on-chip memory device component includes a plurality of memory banks, and multiple logical ports, each logical port coupled to one or more of the plurality of memory banks, enabling access to multiple memory banks, among the plurality of memory banks, per clock cycle, each memory bank accessible by a single logical port per clock cycle and each logical port accessing a single memory bank per clock cycle. | 02-07-2013 |
20130036284 | METHOD AND APPARATUS FOR MANAGING TRANSFER OF TRANSPORT OPERATIONS FROM A CLUSTER IN A PROCESSOR - A method and corresponding apparatus of managing transport operations between a first memory cluster and one or more other memory clusters, include selecting, at a clock cycle in the first memory cluster, at least one transport operation destined to at least one destination memory cluster, from one or more transport operations, based at least in part on priority information associated with the one or more transport operations or current states of available processing resources allocated to the first memory cluster in each of a subset of the one or more other memory clusters, and initiating the transport of the selected at least one transport operation. | 02-07-2013 |
20130036285 | METHOD AND APPARATUS FOR MANAGING PROCESSING THREAD MIGRATION BETWEEN CLUSTERS WITHIN A PROCESSOR - A method, and corresponding apparatus, of managing processing thread migrations within a plurality of memory clusters, includes embedding, in memory components of the plurality of memory clusters, instructions indicative of processing thread migrations; storing, in one or more memory components of a particular memory cluster among the plurality of memory clusters, data configured to designate the particular memory cluster as a sink memory cluster, the sink memory cluster preventing an incoming migrated processing thread from migrating out of the sink memory cluster; and processing one or more processing threads, in one or more of the plurality of memory clusters, in accordance with at least one of the embedded migration instructions and the data stored in the one or more memory components of the sink memory cluster. | 02-07-2013 |
20130036288 | METHOD AND APPARATUS FOR ASSIGNING RESOURCES USED TO MANAGE TRANSPORT OPERATIONS BETWEEN CLUSTERS WITHIN A PROCESSOR - A method, and corresponding apparatus, of assigning processing resources used to manage transport operations between a first memory cluster and one or more other memory clusters, include receiving information indicative of allocation of a subset of processing resources in each of the one or more other memory clusters to the first memory cluster, storing, in the first memory cluster, the information indicative of resources allocated to the first memory cluster, and facilitating management of transport operations between the first memory cluster and the one or more other memory clusters based at least in part on the information indicative of resources allocated to the first memory cluster. | 02-07-2013 |
20130036471 | System and Method for Rule Matching in a Processor - In one embodiment, a system includes a format block configured to receive a key, at least one rule, and rule formatting information. The rule can have one or more dimensions. The format block can be further configured to extract each of the dimensions from the at least one rule. The system can further include a plurality of dimension matching engines (DME). Each DME can be configured to receive the key and a corresponding formatted dimension, and process the key and the corresponding dimension for returning a match or nomatch. The system can further include a post processing block configured to analyze the matches or no matches returned from the DMEs and return a response based on the returned matches or nomatches. | 02-07-2013 |
20130036477 | Method and Apparatus Encoding a Rule for a Lookup Request in a Processor - In one embodiment, a method includes encoding a key matching rule having at least one dimension by storing in a memory (i) a header of the key matching rule that has at least one header field, and (ii) at least one rule value field of the key matching rule corresponding to one of the dimensions. | 02-07-2013 |
20130039366 | Packet Classification - A packet classification system, methods, and corresponding apparatus are provided for enabling packet classification. A processor of a security appliance coupled to a network uses a classifier table having a plurality of rules, the plurality of rules having at least one field, to build a decision tree structure including a plurality of nodes, the plurality of nodes including a subset of the plurality of rules. The methods may produce wider, shallower trees that result in shorter search times and reduced memory requirements for storing the trees. | 02-14-2013 |
20130058332 | LOOKUP FRONT END PACKET INPUT PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host. | 03-07-2013 |
20130060727 | Identifying Duplication in Decision Trees - A packet classification system, methods, and corresponding apparatus are provided for enabling packet classification. A processor of a security appliance coupled to a network uses a classifier table having a plurality of rules, the plurality of rules having at least one field, to build a decision tree structure including a plurality of nodes, the plurality of nodes including a subset of the plurality of rules. By identifying duplication in decision trees, the methods may produce wider, shallower trees that result in shorter search times and reduced memory requirements for storing the trees. | 03-07-2013 |
20130067173 | METHOD AND APPARATUS FOR MULTIPLE ACCESS OF PLURAL MEMORY BANKS - A processor with on-chip memory including a plurality of physical memory banks is disclosed. The processor includes a method, and corresponding apparatus, of enabling multi-access to the plurality of physical memory banks The method comprises selecting a subset of multiple access requests to be executed in at least one clock cycle over at least one of a number of access ports connected to the plurality of physical memory banks, the selected subset of access requests addressed to different physical memory banks, among the plurality of memory banks, and scheduling the selected subset of access requests, each over a separate access port. | 03-14-2013 |
20130085978 | Decision Tree Level Merging - A packet classification system, methods, and corresponding apparatus are provided for enabling packet classification. A processor of a security appliance coupled to a network uses a classifier table having a plurality of rules, the plurality of rules having at least one field, to build a decision tree structure including a plurality of nodes, the plurality of nodes including a subset of the plurality of rules. By merging levels of decision trees, the methods may produce wider, shallower trees that result in shorter search times and reduced memory requirements for storing the trees. | 04-04-2013 |
20130103904 | SYSTEM AND METHOD TO REDUCE MEMORY ACCESS LATENCIES USING SELECTIVE REPLICATION ACROSS MULTIPLE MEMORY PORTS - In one embodiment, a system comprises multiple memory ports distributed into multiple subsets, each subset identified by a subset index and each memory port having an individual wait time. The system further comprises a first address hashing unit configured to receive a read request including a virtual memory address associated with a replication factor, and referring to graph data. The first address hashing unit translates the replication factor into a corresponding subset index based on the virtual memory address, and converts the virtual memory address to a hardware based memory address that refers to graph data in the memory ports within a subset indicated by the corresponding subset index. The system further comprises a memory replication controller configured to direct read requests to the hardware based address to the one of the memory ports within the subset indicated by the corresponding subset index with a lowest individual wait time. | 04-25-2013 |
20130103909 | SYSTEM AND METHOD TO PROVIDE NON-COHERENT ACCESS TO A COHERENT MEMORY SYSTEM - In one embodiment, a system comprises a memory and a memory controller that provides a cache access path to the memory and a bypass-cache access path to the memory, receives requests to read graph data from the memory on the bypass-cache access path and receives requests to read non-graph data from the memory on the cache access path. A method comprises receiving a request at a memory controller to read graph data from a memory on a bypass-cache access path, receiving a request at the memory controller to read non-graph data from the memory through a cache access path, and arbitrating, in the memory controller, among the requests using arbitration. | 04-25-2013 |
20130133064 | REVERSE NFA GENERATION AND PROCESSING - In a processor of a security appliance, an input of a sequence of characters is walked through a finite automata graph generated for at least one given pattern. At a marked node of the finite automata graph, if a specific type of the at least one given pattern is matched at the marked node, the input sequence of characters is processed through a reverse non-deterministic finite automata (rNFA) graph generated for the specific type of the at least one given pattern by walking the input sequence of characters backwards through the rNFA beginning from an offset of the input sequence of characters associated with the marked node. Generating the rNFA for a given pattern includes inserting processing nodes for processing an input sequence of patterns to determine a match for the given pattern. In addition, the rNFA is generated from the given type of pattern. | 05-23-2013 |
20130218853 | Rule Modification in Decision Trees - A system, apparatus, and method are provided for modifying rules in-place atomically from the perspective of an active search process using the rules for packet classification. A rule may be modified in-place by updating a rule's definition to be an intersection of an original and new definition. The rule's definition may be further updated to the rule's new definition and a decision tree may used updated based on the rule's new definition. While a search processor searches for one or more rules that match keys generated from received packets the in-place rule modification prevents periods of incorrect rule matching of the keys thereby preventing packet loss and preserving throughput. | 08-22-2013 |
20130232104 | DUPLICATION IN DECISION TREES - A packet classification system, apparatus, and corresponding apparatus are provided for enabling packet classification. A processor of a security appliance coupled to a network uses a classifier table having a plurality of rules, the plurality of rules having at least one field, to build a decision tree structure for packet classification. Duplication in the decision tree may be identified, producing a wider, shallower decision tree that may result in shorter search times with reduced memory requirements for storing the decision tree. A number of operations needed to identify duplication in the decision tree may be reduced, thereby increasing speed and efficiency of a compiler building the decision tree. | 09-05-2013 |
20130239193 | PHASED BUCKET PRE-FETCH IN A NETWORK PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. Based on a prefetch status, a selection of the subset of rules are retrieved for rule matching. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 09-12-2013 |
20130250948 | LOOKUP CLUSTER COMPLEX - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 09-26-2013 |
20130262518 | Deterministic Finite Automata Graph Traversal With Nodal Bit Mapping - An apparatus, and corresponding method, for generating a graph used in performing a search for a match of at least one expression in an input stream is presented. The graph includes a number of interconnected nodes connected solely by valid arcs. A valid arc may also include a nodal bit map including structural information of a node to which the valid arc points to. A walker process may utilize the nodal bit map to determine if a memory access is necessary. The nodal bit map reduces the number of external memory access and therefore reduces system run time. | 10-03-2013 |
20130282766 | Incremental Update Heuristics - A system, apparatus, and method are provided for receiving one or more incremental updates including adding, deleting, or modifying rules of a Rule Compiled Data Structure (RCDS) used for packet classification. Embodiments disclosed herein may employ at least one heuristic for maintaining quality of the RCDS. At a given one of the one or more incremental updates received, a section of the RCDS may be identified and recompilation of the identified section may be triggered, altering the RCDS shape or depth in a manner detected by the at least one heuristic employed. The at least one heuristic employed enables performance and functionality of an active search process using the RCDS to be improved by advantageously determining when and where to recompile one or more sections of the RCDS being searched. | 10-24-2013 |
20140013061 | System And Method To Reduce Memory Access Latencies Using Selective Replication Across Multiple Memory Ports - In one embodiment, a system comprises a plurality of memory ports. The memory ports are distributed into a plurality of subsets, where each subset is identified by a subset index. The system further comprises a first address hashing unit configured to receive a request including at least one virtual memory address. Each virtual memory address is associated with a replication factor, and the virtual memory address refers to graph data. The first address hashing unit translates the replication factor into a corresponding subset index based on the virtual memory address, and converts the virtual memory address to a hardware based memory address. The hardware based address refers to data in the memory ports within a subset indicated by the corresponding subset index. | 01-09-2014 |
20140059241 | Multiple Core Session Initiation Protocol (SIP) - A Session Initiation Protocol (SIP) proxy server including a multi-core central processing unit (CPU) is presented. The multi-core CPU includes a receiving core dedicated to pre-SIP message processing. The pre-SIP message processing may include message retrieval, header and payload parsing, and Call-ID hashing. The Call-ID hashing is used to determine a post-SIP processing core designated to process messages between particular user pair. The pre-SIP and post-SIP configuration allows for the use of multiple processing cores to utilize a single control plane, thereby providing an accurate topology of the network for each processing core. | 02-27-2014 |
20140119378 | LOOKUP FRONT END PACKET INPUT PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host. | 05-01-2014 |
20140188973 | LOOKUP FRONT END PACKET OUTPUT PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. The lookup front-end further processes the response message and provides a corresponding response to the host. | 07-03-2014 |
20140215478 | WORK MIGRATION IN A PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. Each of the lookup engines receives a key request associated with a packet and determines a subset of the rules to match against the packet data. A work product may be migrated between lookup engines to complete the rule matching process. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 07-31-2014 |
20140269718 | PACKET EXTRACTION OPTIMIZATION IN A NETWORK PROCESSOR - A packet processor provides for rule matching of packets in a network architecture. The packet processor includes a lookup cluster complex having a number of lookup engines and respective on-chip memory units. The on-chip memory stores rules for matching against packet data. A lookup front-end receives lookup requests from a host, and processes these lookup requests to generate key requests for forwarding to the lookup engines. Based on information in the packet, the lookup front-end can optimize start times for sending key requests as a continuous stream with minimal delay. As a result of the rule matching, the lookup engine returns a response message indicating whether a match is found. | 09-18-2014 |
20140279805 | Scheduling Method and Apparatus for Scheduling Rule Matching in a Processor - In a network search processor, configured to handle search requests in a router, a scheduler for scheduling rule matching threads initiated by a plurality of initiating engines is designed to make efficient use of the resources in the network search processor while providing high speed performance. According to at least one example embodiment, the scheduler and a corresponding scheduling method comprise: determining a set of bundles of rule matching threads, each bundle being initiated by a separate initiating engine; distributing rule matching threads in each bundle into a number of subgroups of rule matching threads; assigning the subgroups of rule matching threads associated with each bundle of the set of bundles to multiple scheduling queues; and sending rule matching threads, assigned to each scheduling queue, to rule matching engines according to an order based on priorities associated with the respective bundles of rule matching threads. | 09-18-2014 |
20140279806 | METHOD AND AN ACCUMULATOR SCOREBOARD FOR OUT-OF-ORDER RULE RESPONSE HANDLING - According to at least one example embodiment, a method and a corresponding accumulator scoreboard for managing bundles of rule matching threads processed by one or more rule matching engines comprise: recording, for each rule matching thread in a given bundle of rule matching threads, a rule matching result in association with a priority corresponding to the respective rule matching thread; determining a final rule matching result, for the given bundle of rule matching threads, based at least in part on the corresponding indications of priorities; and generating a response state indicative of the determined final rule matching result for reporting to a host processor or a requesting processing engine. | 09-18-2014 |
20140279850 | BATCH INCREMENTAL UPDATE - A system, apparatus, and method are provided for adding, deleting, and modifying rules in one update from the perspective of an active search process for packet classification. While a search processor searches for one or more rules that match keys generated from received packets, there is a need to add, delete, or modify rules. By organizing a plurality incremental updates for adding, deleting, or modifying rules into a batch update, several operations for incorporating the incremental updates may be made more efficient by minimizing a number of updates required. | 09-18-2014 |
20140280357 | NSP Manager - In an embodiment, a method of updating a memory with a plurality of memory lines, the memory storing a tree, a plurality of buckets, and a plurality of rules, can include maintaining a copy of the memory with a plurality of memory lines. The method can further include writing a plurality of changes to at least one of the tree, the plurality of buckets, and the plurality of rules to the copy. The method can additionally include determining whether each of the plurality of changes is an independent write or a dependent write. The method can further include merging independent writes to the same line of the copy. The method further includes transferring updates from the plurality of lines of the copy to the plurality of lines of the memory. | 09-18-2014 |
20140281809 | Merging Independent Writes, Separating Dependent And Independent Writes, And Error Roll Back - In an embodiment, a method of updating a memory with a plurality of memory lines, the memory storing a tree, a plurality of buckets, and a plurality of rules, can include maintaining a copy of the memory with a plurality of memory lines. The method can further include writing a plurality of changes to at least one of the tree, the plurality of buckets, and the plurality of rules to the copy. The method can additionally include determining whether each of the plurality of changes is an independent write or a dependent write. The method can further include merging independent writes to the same line of the copy. The method further includes transferring updates from the plurality of lines of the copy to the plurality of lines of the memory. | 09-18-2014 |
20140324900 | Intelligent Graph Walking - An apparatus, and corresponding method, for performing a search for a match of at least one expression in an input stream is presented. A graph including a number of interconnected nodes is generated. A compiler may assign at least one starting node and at least one ending node. The starting node includes a location table with node position information of an ending node and a sub-string value associated with the ending node. Using the node position information and a string comparison function, intermediate nodes located between the starting and ending nodes may be bypassed. The node bypassing may reduce the number of memory accesses required to read the graph. | 10-30-2014 |
20140359621 | Method and Apparatus for a Virtual System on Chip - A virtual system on chip (VSoC) is an implementation of a machine that allows for sharing of underlying physical machine resources between different virtual systems. A method or corresponding apparatus of the present invention relates to a device that includes a plurality of virtual systems on chip and a configuring unit. The configuring unit is arranged to configure resources on the device for the plurality of virtual systems on chip as a function of an identification tag assigned to each virtual system on chip. | 12-04-2014 |
20140359622 | Method and Apparatus for a Virtual System on Chip - A virtual system on chip (VSoC) is an implementation of a machine that allows for sharing of underlying physical machine resources between different virtual systems. A method or corresponding apparatus of the present invention relates to a method that includes a plurality of virtual systems on chip and a configuring unit. The configuring unit is arranged to configure resources on the method for the plurality of virtual systems on chip as a function of an identification tag assigned to each virtual system on chip. | 12-04-2014 |
20140372709 | System and Method to Provide Non-Coherent Access to a Coherent Memory System - In one embodiment, a system comprises a memory and a memory controller that provides a cache access path to the memory and a bypass-cache access path to the memory, receives requests to read graph data from the memory on the bypass-cache access path and receives requests to read non-graph data from the memory on the cache access path. A method comprises receiving a request at a memory controller to read graph data from a memory on a bypass-cache access path, receiving a request at the memory controller to read non-graph data from the memory through a cache access path, and arbitrating, in the memory controller, among the requests using arbitration. | 12-18-2014 |
20150066927 | Generating a Non-Deterministic Finite Automata (NFA) Graph for Regular Expression Patterns with Advanced Features - In an embodiment, a method of compiling a pattern into a non-deterministic finite automata (NFA) graph includes examining the pattern for a plurality of elements and a plurality of node types. Each node type can correspond with an element. Each element of the pattern can be matched at least zero times. The method further includes generating a plurality of nodes of the NFA graph. Each of the plurality of nodes can be configured to match for one of the plurality of elements. The node can indicate the next node address in the NFA graph, a count value, and/or node type corresponding to the element. The node can also indicate the element representing a character, character class or string. The character can also be a value or a letter. | 03-05-2015 |
20150066991 | Traversal With Arc Configuration Information - An apparatus, and corresponding method, for generating a graph used in performing a search for a match of at least one expression in an input stream is presented. The graph includes a number of interconnected nodes connected solely by valid arcs. A valid arc may also include a nodal bit map including structural information of a node to which the valid arc points to. A walker process may utilize the nodal bit map to determine if a memory access is necessary. The nodal bit map reduces the number of external memory access and therefore reduces system run time. | 03-05-2015 |
20150067123 | Engine Architecture for Processing Finite Automata - An engine architecture for processing finite automata includes a hyper non-deterministic automata (HNA) processor specialized for non-deterministic finite automata (NFA) processing. The HNA processor includes a plurality of super-clusters and an HNA scheduler. Each super-cluster includes a plurality of clusters. Each cluster of the plurality of clusters includes a plurality of HNA processing units (HPUs). A corresponding plurality of HPUs of a corresponding plurality of clusters of at least one selected super-cluster is available as a resource pool of HPUs to the HNA scheduler for assignment of at least one HNA instruction to enable acceleration of a match of at least one regular expression pattern in an input stream received from a network. | 03-05-2015 |
20150067200 | Memory Management for Finite Automata Processing - Matching at least one regular expression pattern in an input stream may be optimized by initializing a search context in a run stack based on (i) partial match results determined from walking segments of a payload of a flow through a first finite automation and (ii) a historical search context associated with the flow. The search context may be modified via push or pop operations to direct at least one processor to walk segments of the payload through the at least one second finite automation. The search context may be maintained in a manner that obviates overflow of the search context and obviating stalling of the push or pop operations to increase match performance. | 03-05-2015 |
20150067776 | METHOD AND APPARATUS FOR COMPILATION OF FINITE AUTOMATA - A method and corresponding apparatus are provided implementing run time processing using Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic and a unified deterministic finite automata (DFA) may be generated using the subpatterns selected from all patterns in the set, and at least one non-deterministic finite automata (NFA) may be generated for at least one pattern in the set, optimizing run time performance of the run time processing. | 03-05-2015 |
20150067836 | System and Method to Traverse a Non-Deterministic Finite Automata (NFA) Graph Generated for Regular Expression Patterns with Advanced Features - In one embodiment, a method of walking an non-deterministic finite automata (NFA) graph representing a pattern includes extracting a node type and an element from a node of the NFA graph. The method further includes matching a segment of a payload for the element by matching the payload for the element at least zero times, the number of times based on the node type. | 03-05-2015 |
20150067863 | METHOD AND APPARATUS FOR PROCESSING FINITE AUTOMATA - A method and corresponding apparatus for run time processing use a Deterministic Finite Automata (DFA) and Non-Deterministic Finite Automata (NFA) to find the existence of a pattern in a payload. A subpattern may be selected from each pattern in a set of one or more regular expression patterns based on at least one heuristic. The DFA may be generated from selected subpatterns from all patterns in the set, and at least one NFA may be generated for at least one pattern in the set, optimizing run time performance of the run time processing. | 03-05-2015 |