H04L12/935

Methods and devices for providing cyber security for time aware end-to-end packet flow networks

To provide secure communication over end-to-end data paths or segments of end-to-end paths in a timed deterministic packet network including a plurality of packet engines that perform packet handling, cipher engines are provided separately from the packet engines. The cipher engines are operative to perform at least one cyber security function. A cipher engine and key manager provides central control for the plurality of cipher engines. A centralized packet flow path manager, PFPM, may set up endpoint nodes and intermediate transit nodes of the end-to-end data paths of the packet network.

Methods and devices for preserving relative timing and ordering of data packets in a network

A packet network includes packet engines that perform packet handling. Cipher engines are provided separately from the packet engines for encryption and/or authentication operations. To preserve relative timing and ordering of data packets, a packet engine performs pre-shaping of data traffic, wherein the packet engine inserts dummy packets into a data flow. The packet engine provides the pre-shaped data traffic to a cipher engine.

TECHNOLOGIES FOR PROVIDING STREAMLINED PROVISIONING OF ACCELERATED FUNCTIONS IN A DISAGGREGATED ARCHITECTURE

Technologies for providing streamlined provisioning of accelerated functions in a disaggregated architecture include a compute sled. The compute sled includes a network interface controller and circuitry to determine whether to accelerate a function of a workload executed by the compute sled, and send, to a memory sled and in response to a determination to accelerate the function, a data set on which the function is to operate. The circuitry is also to receive, from the memory sled, a service identifier indicative of a memory location independent handle for data associated with the function, send, to a compute device, a request to schedule acceleration of the function on the data set, receive a notification of completion of the acceleration of the function, and obtain, in response to receipt of the notification and using the service identifier, a resultant data set from the memory sled. The resultant data set was produced by an accelerator device during acceleration of the function on the data set. Other embodiments are also described and claimed.

MESSAGING BETWEEN REMOTE CONTROLLER AND FORWARDING ELEMENT

Some embodiments of the invention provide a forwarding element that can be configured through in-band data-plane messages from a remote controller that is a physically separate machine from the forwarding element. The forwarding element of some embodiments has data plane circuits that include several configurable message-processing stages, several storage queues, and a data-plane configurator. A set of one or more message-processing stages of the data plane are configured (1) to process configuration messages received by the data plane from the remote controller and (2) to store the configuration messages in a set of one or more storage queues. The data-plane configurator receives the configuration messages stored in the set of storage queues and configures one or more of the configurable message-processing stages based on configuration data in the configuration messages.

DISTRIBUTOR NODE, AUTOMATION NETWORK AND METHOD FOR TRANSMITTING TELEGRAMS
20210281666 · 2021-09-09

In an automation network comprising a plurality of network segments, fragmenting subscribers that support a fragmentation method as well as standard subscribers that do not support the fragmentation method can be provided for in the network. A distribution node in the automation network has at least one input/output interface that is in communication with a network segment. The switching unit in the distribution node checks whether a subscriber in a network segment to which a telegram is to be sent supports the fragmentation method, and whether the telegram to be sent is fragmented. If the subscriber does not support the fragmentation procedure and the telegram to be sent is fragmented, the switching unit in the distribution node assembles the telegram fragments to form the telegram and then sends the assembled telegram on to the subscriber.

Storing keys with variable sizes in a multi-bank database
11102120 · 2021-08-24

A network device determines, based on a size of a lookup value, that the lookup value is to be stored across a set of two or more memory banks including a first memory bank and a second memory bank of a database. A first hash function is for determining locations for storing lookup values entirely in the first memory bank, whereas a second hash function is for determining locations for storing lookup values entirely in the second memory bank. A hash operation is performed on the lookup value using the first hash function to determine a memory location for storing the lookup value. A first segment of the lookup value is stored in the first memory bank at the memory location determined using the first hash function, and a second segment of the lookup value is stored in the second memory bank at the memory location determined using the first hash function.

NETWORK ADDRESS TRANSLATION FOR VIRTUAL MACHINES
20210243155 · 2021-08-05

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Detecting and handling large flows

Some embodiments provide a forwarding element that detects and handles elephant flows. In detecting, the forwarding element of some embodiments monitors statistics or measurements relating to a data flow. In handling, the forwarding element marks each packet associated with a detected elephant flow in some manner to differentiate it from a packet associated with a mouse flow. Alternatively, the forwarding element breaks elephant flows into a number of mouse flows by facilitating the sending of packets associated with the detected elephant flow along different paths.

TRAFFIC BROKER FOR ROUTING DATA PACKETS THROUGH SEQUENCES OF IN-LINE TOOLS
20210234812 · 2021-07-29

Embodiments are disclosed for a network switch appliance with a traffic broker that facilitates routing of network traffic between pairs of end nodes on a computer network through a configurable sequence of in-line tools.

SYSTEM AND METHOD FOR SUPPORTING NODE ROLE ATTRIBUTES IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT
20210226901 · 2021-07-22

System and method for supporting node role attributes in a high performance computing environment. In accordance with an embodiment, a node role attribute can comprise a vendor defined subnet management attribute. When a subnet manager attempts to discover a high performance computing environment, such as an InfiniBand subnet, or a switch topology, identifying a topology is quite complex when the subnet manager can only observe connectivity, without context behind the connectivity (the roles of the different nodes in the connectivity). However, when a subnet has a node role attribute enabled, the subnet manager can map the interconnect more effectively, as it can discover not only the connectivity during the initial sweep but also the role of each node discovered, thus leading to a more efficient interconnect discovery.