-
Publication No.: AU2003259192A1
Publication date: 2004-11-23
Application No.: AU2003259192
Application date: 2003-07-21
Applicant: IBM
Inventor: TRACEY JOHN , FREIMUTH DOUGLAS , MRAZ RONALD , NAHUM ERICH , PRADHAN PRASHANT , SAHU SAMBIT
Abstract: The present invention provides a method, computer program product, and data processing system for efficiently recovering state and performing failover of a network offload engine. The present invention distinguishes between the hard state and the soft state of a protocol. Hard state is state information that, when lost, leads to incorrect protocol behavior. Soft state is state information that may be lost or become inconsistent without loss of correctness. The present invention ensures correctness by always being able to recover the hard state of the protocol. A preferred embodiment of the present invention performs a failover of a network offload engine by temporarily blocking the reception of network packets, recovering hard state from host information, resuming network operation using a substitute network offload engine, and recovering soft state from the subsequent network activity.
-
Publication No.: CA2493350A1
Publication date: 2004-02-05
Application No.: CA2493350
Application date: 2003-06-24
Applicant: IBM
Inventor: CHENG PAU-CHEN , CHARI SURESH N , LEE KANG-WON , SHAIKH ANEES A , SAHU SAMBIT
IPC: G06F21/20 , G06F13/00 , G06F15/00 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06 , H04L29/08
Abstract: Several deterrence mechanisms suitable for content distribution networks (CDN) (120) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n^2) amount of traffic to victimize a CDN-hosted site (120) when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites (120) to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN (120).
-
Publication No.: CA2747736C
Publication date: 2017-11-07
Application No.: CA2747736
Application date: 2010-06-11
Applicant: IBM
Inventor: HOU KAI-YUAN , HUANG HAI , RUAN YAOPING , SAHU SAMBIT , SHAIKH ANEES A
Abstract: A method monitors machine activity of multiple virtual computing devices operating through at least one physical computing device by running a monitoring agent. The method measures simple operating characteristics of only a base level virtual computing device and monitors complex operating characteristics by measuring the characteristics for each virtual computing device, recording the operating characteristics of each virtual computing device on a corresponding memory page of each virtual computing device, and sharing each the corresponding memory page with the base level virtual computing device through an interdomain communications channels to transfer the complex operating characteristics to the monitoring agent. The method identifies and outputs simple events and complex events for each of the multiple virtual computing devices by evaluating the simple operating characteristics and the complex operating characteristics.
-
Publication No.: GB2514723A
Publication date: 2014-12-03
Application No.: GB201416418
Application date: 2013-02-19
Applicant: IBM
Inventor: KUNDU ASHISH , MOHINDRA AJAY , SAHU SAMBIT
IPC: G06F9/50
Abstract: In a method for scaling up/down security (non-functional) components of an application, determine (a) types of interactions and a number of each type of interaction each non-security (functional) component has with security components for a plurality of requests. Determine, based on (a) and an expected number of incoming requests to the application, (b) types of requests to and interactions with the security components involving the non-security components and (c) a number of requests to and interactions with the security components involving non-security components for each type of request to the security components involving non-security components. Determine, for each security component, a capacity required for each type of request involving the non-security components and a capacity required for each type of interaction involving the non-security components. Change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
-
Publication No.: CA2573162C
Publication date: 2014-02-04
Application No.: CA2573162
Application date: 2005-06-23
Applicant: IBM
Inventor: FREIMUTH DOUGLAS M , HU ELBERT C , MRAZ RONALD , NAHUM ERICH M , PRADHAN PRASHANT , SAHU SAMBIT , TRACEY JOHN M
Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter (730) is provided. The connection establishment mechanism provides the ability to offload connection establishment (1030) and maintenance of connection state information to the offload network adapter (730). As a result of this offloading of connection establishment (1030) and state information maintenance, the number of communications needed between the host system (710) and the offload network adapter (730) may be reduced. In addition, offloading of these functions to the offload network adapter (730) permits bulk notification of established connections and state information to the host system (710) rather than piecemeal notifications as is present in known computing systems.
-
Publication No.: AU2003247703A1
Publication date: 2004-02-16
Application No.: AU2003247703
Application date: 2003-06-24
Applicant: IBM
Inventor: CHARI SURESH N , CHENG PAU-CHEN , LEE KANG-WON , SAHU SAMBIT , SHAIKH ANEES A
IPC: G06F21/20 , G06F13/00 , G06F15/00 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06 , H04L29/08
Abstract: Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n^2) amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
-
Publication No.: AT522865T
Publication date: 2011-09-15
Application No.: AT03816813
Application date: 2003-07-21
Applicant: IBM
Inventor: FREIMUTH DOUGLAS , MRAZ RONALD , NAHUM ERICH , PRADHAN PRASHANT , SAHU SAMBIT , TRACEY JOHN
Abstract: The present invention provides a method, computer program product, and data processing system for efficiently recovering state and performing failover of a network offload engine. The present invention distinguishes between the hard state and the soft state of a protocol. Hard state is state information that, when lost, leads to incorrect protocol behavior. Soft state is state information that may be lost or become inconsistent without loss of correctness. The present invention ensures correctness by always being able to recover the hard state of the protocol. A preferred embodiment of the present invention performs a failover of a network offload engine by temporarily blocking the reception of network packets, recovering hard state from host information, resuming network operation using a substitute network offload engine, and recovering soft state from the subsequent network activity.
-
Publication No.: CA2747736A1
Publication date: 2010-12-16
Application No.: CA2747736
Application date: 2010-06-11
Applicant: IBM
Inventor: HOU KAI-YUAN , HUANG HAI , RUAN YAOPING , SAHU SAMBIT , SHAIKH ANEES A
IPC: G06F15/173
Abstract: A method monitors machine activity of multiple virtual computing devices operating through at least one physical computing device by running a monitoring agent. The method measures simple operating characteristics of only a base level virtual computing device and monitors complex operating characteristics by measuring the characteristics for each virtual computing device, recording the operating characteristics of each virtual computing device on a corresponding memory page of each virtual computing device, and sharing each the corresponding memory page with the base level virtual computing device through an interdomain communications channels to transfer the complex operating characteristics to the monitoring agent. The method identifies and outputs simple events and complex events for each of the multiple virtual computing devices by evaluating the simple operating characteristics and the complex operating characteristics.
-
Publication No.: AT424583T
Publication date: 2009-03-15
Application No.: AT05754067
Application date: 2005-05-23
Applicant: IBM
Inventor: FREIMUTH DOUGLAS , HU ELBERTB , MRAZ RONALD , NAHUM ERICH , PRADHAN PRASHANT , SAHU SAMBIT , TRACEY JOHN M
Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, mechanisms for handling memory management and optimization within a system utilizing an offload network adapter are provided. The memory management mechanism permits both buffered sending and receiving of data as well as zero-copy sending and receiving of data. In addition, the memory management mechanism permits grouping of DMA buffers that can be shared among specified connections based on any number of attributes. The memory management mechanism further permits partial send and receive buffer operation, delaying of DMA requests so that they may be communicated to the host system in bulk, and expedited transfer of data to the host system.
-
Publication No.: DE602005003142D1
Publication date: 2007-12-13
Application No.: DE602005003142
Application date: 2005-06-23
Applicant: IBM
Inventor: FREIMUTH DOUGLAS M , HU ELBERT C , MRAZ RONALD , NAHUM ERICH M , PRADHAN PRASHANT , SAHU SAMBIT , TRACEY JOHN M
Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter is provided. The connection establishment mechanism provides the ability to offload connection establishment and maintenance of connection state information to the offload network adapter. As a result of this offloading of connection establishment and state information maintenance, the number of communications needed between the host system and the offload network adapter may be reduced. In addition, offloading of these functions to the offload network adapter permits bulk notification of established connections and state information to the host system rather than piecemeal notifications as is present in known computing systems.