Direct cache access for network input/output devices

摘要

Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the network I/O device. Information associated with the packet is queued onto an I/O device queue. The information is then transferred from the I/O device queue to a host memory of the network security device. Based on the control settings for the I/O device queue only those portions of the information corresponding to the one or more specified portions are copied to the cache of the corresponding CPU.

主权项

1. A method comprising:
running a first network security application on a first central processing unit (CPU) of a plurality of CPUs of a host processor of a network security appliance; running a second network security application on a second CPU of the plurality of CPUs; defining, by a network Input/Output (I/O) device of the network security appliance, a first direct cache access (DCA) control for a first I/O device queue of a plurality of I/O device queues of the network I/O device corresponding to the first CPU, wherein the first DCA control is indicative of a first set of one or more portions of a packet queued on the first I/O device queue that are to be copied to a cache of the first CPU responsive to transfer of the packet queued on the first I/O device queue to a portion of a host memory of the host processor accessible to the first CPU; defining, by the network Input/Output (I/O) device, a second DCA control for a second I/O device queue of the plurality of I/O device queues corresponding to the second CPU, wherein the second DCA control is indicative of a second set of one or more portions of a packet queued on the second I/O device queue that are to be copied to a cache of the second CPU responsive to transfer of the packet queued on the second I/O device queue to a portion of the host memory accessible to the second CPU; receiving, by the network I/O device, an incoming packet; identifying, by the network I/O device, boundaries of portions of the incoming packet by parsing the incoming packet; and causing appropriate portions of the incoming packet to be processed in parallel by the first network security application and the second network security application by:
queuing, by the network I/O device, the incoming packet on the first I/O device queue;queuing, by the network I/O device, the incoming packet on the second I/O device queue;transferring, by a host controller associated with the host memory, the incoming packet from the first I/O device queue to the portion of the host memory accessible to the first CPU;transferring, by the host controller, the incoming packet from the second I/O device queue to the portion of the host memory accessible to the second CPU;copying, by the host controller, the first set of one or more portions of the incoming packet to the cache of the first CPU; andcopying, by the host controller, the second set of one or more portions of the incoming packet to the cache of the second CPU.