H04L49/9068

TECHNOLOGIES FOR DYNAMIC BATCH SIZE MANAGEMENT

Technologies for dynamically managing a batch size of packets include a network device. The network device is to receive, into a queue, packets from a remote node to be processed by the network device, determine a throughput provided by the network device while the packets are processed, determine whether the determined throughput satisfies a predefined condition, and adjust a batch size of packets in response to a determination that the determined throughput satisfies a predefined condition. The batch size is indicative of a threshold number of queued packets required to be present in the queue before the queued packets in the queue can be processed by the network device.

Secure networking protocol optimization via NIC hardware offloading

Methods and apparatus for secure networking protocol optimization via NIC hardware offloading. Under a method, security offload entries are cached in a flow table or a security database offload table on a network interface coupled to a host that implements a host security database mapping flows to Security Association (SA) contexts. Each security offload entry includes information identifying a flow and information, such as an offset value, to locate a corresponding entry for the flow in the host security database. Hardware descriptors for received packets that belong to flows with matching security offload entries are generated and marked with the information used to locate the corresponding entries in the host security database. The hardware descriptors are processed by software on the host and the location information is used to de-reference the location of applicable entries in the host security database.

Forwarding element with physical and virtual data planes

Some embodiments of the invention provide a novel method of performing network slice-based operations on a data message at a hardware forwarding element (HFE) in a network. For a received data message flow, the method has the HFE identify a network slice associated with the received data message flow. This network slice in some embodiments is associated with a set of operations to be performed on the data message by several network elements, including one or more machines executing on one or more computers in the network. Once the network slice is identified, the method has the HFE process the data message flow based on a rule that applies to data messages associated with the identified slice.

Method and device for improving bandwidth utilization in a communication network

A communication system comprising at least one smart network interface card (“NIC”) provided with a logic/programmable processor and a local memory, and a computing element, wherein a communication bus is used to connect said smart NIC and said computing element to enable forwarding data there-between, wherein the system is characterized in that said smart NIC is configured to receive data packets, to extract data therefrom and to forward less than all data comprised in the received data packets, to said computing element along said communication bus, and wherein the forwarded data comprises data which is preferably required for making networking decisions that relate to that respective data packet.

Communication device, communication method and computer readable medium

A communication device (10) communicates in a network in which a TSN (Time-Sensitive Networking) technique is used. A time slot management unit (21) notifies that time slots in the TSN technique have been switched. A data receiving unit (23) stores reception data in a reception data storage unit (25) when the reception data received from other communication devices (10) is not transmission data transmitted during a current time slot. When the time slot management unit (21) notifies that the time slots have been switched, the data receiving unit (23) delivers to a reception task (27), the reception data which is the transmission data transmitted during a time slot after being switched and is stored in a reception data storage unit (25).

DATAPATH FOR MULTIPLE TENANTS
20220255882 · 2022-08-11

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages, records a set of data from each stage of the pipeline, and synthesizes those data into a cache entry for subsequent packets.

Scalable communication with a packet processing unit

Particular embodiments described herein provide for a system for enabling communication between a packet processing unit and a network interface controller (NIC) using an extension object. The system can include memory, one or more processors, and a processing unit extension object engine. The processing unit extension object engine can be configured to cause a packet to be received at the packet processing unit, where the packet processing unit is on a system on chip (SoC), add an extension object portion to the packet to create a modified packet, and cause the modified packet to be communicated to the NIC located on the same SoC. In an example, the extension object portion includes type data and partition data. The packet can be an Ethernet packet and the extension object portion can be added before a payload portion of the packet.

Packet order recovery in a programmable edge switch in a data center network
11451494 · 2022-09-20

Systems and methods include receiving incoming packets associated with flows in a data center network where the flows are forwarded on a per-packet basis; maintaining a state of each of the flows and of received incoming packets; and dequeuing the received incoming packets based on one or more packet dequeue conditions and the state. The edge switch can be one of a Top of Rack switch and a Network Interface Card (NIC) communicatively coupled to a corresponding server. The received incoming packets can utilize a transport protocol including any of Transmission Control Protocol (TCP), Xpress Transport Protocol (XTP), and Stream Control Transmission Protocol (SCTP).

HARDWARE ACCELERATION DEVICE FOR DENIAL-OF-SERVICE ATTACK IDENTIFICATION AND MITIGATION
20220263862 · 2022-08-18

Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks are provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and a path string. The hardware acceleration sub-system updates rate-based counters based on the application layer protocol request by performing a longest prefix match on the domain name and the path string. When a rate threshold associated with the rate-based counters is exceeded, a challenge message is created and transmitted to the client, having embedded therein the application layer protocol request; otherwise the application layer protocol request is allowed to pass through the network security device.

Datapath for multiple tenants

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages, records a set of data from each stage of the pipeline, and synthesizes those data into a cache entry for subsequent packets.