System and method for data center security enhancements leveraging managed server SOCs

Information

  • Patent Grant
  • 9929976
  • Patent Number
    9,929,976
  • Date Filed
    Tuesday, September 20, 2016
    8 years ago
  • Date Issued
    Tuesday, March 27, 2018
    6 years ago
Abstract
A data center security system and method are provided that leverage server systems on a chip (SOCs) and/or server fabrics. In more detail, server interconnect fabrics may be leveraged and extended to dramatically improve security within a data center.
Description
FIELD

The disclosure relates generally to security aspects for data centers and in particular to data center security enhancements leveraging server systems on a chip (SOCs) or server switch fabrics.


BACKGROUND


FIGS. 1A and 1B show a classic data center network aggregation as is currently well known. FIG. 1A shows a diagrammatical view of a typical network data center architecture 100 wherein top level switches 101a-n are at the tops of racks 102a-n filled with blade servers 107a-n interspersed with local routers 103a-f Additional storage routers and core switches. 105a-b and additional rack units 108a-n contain additional servers 104e-k and routers 106a-g FIG. 1b shows an exemplary physical view 110 of a system with peripheral servers 111a-bn arranged around edge router systems 112a-h, which are placed around centrally located core switching systems 113. Typically such an aggregation 110 has 1-Gb Ethernet from the rack servers to their top of rack switches, and often 10 Gb Ethernet ports to the edge and core routers. These typical data centers do not have good security.


The idea of network security is well known. The terms used in field of network security may include deep packet inspection (DPI) and intrusion prevention systems (IPS) which are also known as Intrusion Detection and Prevention Systems (IDPS) and are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. The network security may also utilize an intrusion detection system (IDS), which is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.



FIG. 2 shows a typical implementation of an IDS and IPS within a corporate network. In the typical implementation, the IDS is focused on detection, monitoring, and reporting of potential intrusions. As such, the IDS is implemented out-of-line of the core network flow and is not invasive (located outside of the firewall and attached to a DMZ switch as shown in FIG. 2). The IPS adds the capability to prevent and block potential intrusion or undesired network flows and the IPS is implemented in-line of the core network flow.


Typical systems of a chip (SoCs) have security features, such as security zones. For example, ARM® processors and IP implement TrustZone as one layer of hardware, software, and system security. Further details of the TrustZone aspect of ARM® processors and IP can be found at http://www.arm.com/products/processors/technologies/trustzone.php and the materials located there are incorporated herein by reference. The security of the system is achieved by partitioning all of the SoC's hardware and software resources so that they exist in one of two worlds the Secure world for the security subsystem, and the Normal world for everything else. Hardware logic present in the TrustZone-enabled AMBA3 AXI bus fabric ensures that no Secure world resources can be accessed by the Normal world components, enabling a strong security perimeter to be built between the two.


The second aspect of the TrustZone hardware architecture is the extensions that have been implemented in some of the ARM® processor cores. These extensions enable a single physical processor core to safely and efficiently execute code from both the Normal world and the Secure world in a time-sliced fashion. This removes the need for a dedicated security processor core, which saves silicon area and power, and allows high performance security software to run alongside the Normal world operating environment. However, these SOC security features have not been effectively extended to the security of a data center.


Thus, it is desirable to provide a data center security system and method that leverage server systems on a chip (SOCs) and/or server fabrics, and it is to this end that the disclosure is directed.





BRIEF DESCRIPTION OF THE DRAWINGS


FIGS. 1A and 1B illustrate a typical data center system;



FIG. 2 shows a typical implementation of an IDS and IPS within a corporate network;



FIG. 3 illustrates a high-level topology of a network aggregating system that may be leveraged for increased security in a data center;



FIG. 4 illustrates a block diagram of an exemplary switch of the network aggregation system that may be leveraged for increased security in a data center;



FIG. 5 illustrates a network aggregation system with a network switch and enhanced security;



FIG. 6 illustrates a four-node server fabric with a network switch and enhanced security; and



FIG. 7 illustrates a small three-node server fabric with a network switch and enhanced security.





DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The disclosure is particularly applicable to a Calxeda™ server system on a chip and Calxeda™ switch fabrics as illustrated and described below with the security aspects and it is in this context that the disclosure will be described. However, the principles described below can be applied to other server-on-a-chip systems.


A server-on-a-chip (SOC) with packet switch functionality is focused on network aggregation. It contains a layer 2 packet switch, with routing based on source/destination MAC addresses. It further supports virtual local area network (VLAN), with configurable VLAN filtering on domain incoming packets to minimize unnecessary traffic in a domain. The embedded MACs within the SOC do have complete VLAN support providing VLAN capability to the overall SOC without the embedded switch explicitly having VLAN support.



FIG. 3 shows a high-level topology 800 of the network system that illustrates XAUI (a well-known interface standard) connected SoC nodes connected by the switching fabric. Two 10 Gb Ethernet ports Eth0 801a and Eth1 801b come from the top of the tree. Ovals 802a-n are Calxeda™ nodes that comprise at least one computational processors and an embedded switch. Each node may have five XAUI links connected to the internal switch. The switching layers use all five XAUI links for switching. Level 0 leaf nodes 802d, e (i.e., N0n nodes, or Nxy, where x=level and y=item number) only use one XAUI link to attach to the interconnect, leaving four high-speed ports that can be used as XAUI, 10 Gb Ethernet, PCIe, SATA, etc., for attachment to I/O. The vast majority of trees and fat trees have active nodes only as leaf nodes, and the other nodes are pure switching nodes. This approach makes routing much more straightforward. Topology 800 has the flexibility to permit every node to be a combination computational and switch node, or just a switch node. Most tree-type implementations have I/O on the leaf nodes, but topology 800 let the I/O be on any node. In general, placing the Ethernet at the top of the tree (the Ethernet ports) minimizes the average number of hops to the Ethernet.


The system and method also supports a routing using a tree-like or graph topology that supports multiple links per node, where each link is designated as an Up, Down, or Lateral link, or both, within the topology. In addition, each node in the system may be a combination computational/switch node, or just a switch node, and input/output (I/O) can reside on any node as described below in more detail. The system may also provide a system with a segmented Ethernet Media Access Control (MAC) architecture which may have a method of re-purposing MAC IP addresses for inside MACs and outside MACs, and leveraging what would normally be the physical signaling for the MAC to feed into the switch. The system may also provide a method of non-spoofing communication, as well as a method of fault-resilient broadcasting, which may have a method of unicast misrouting for fault resilience.


A data center with the Calxeda™ server system on a chip may be implemented using the set of fabric connected nodes with Ethernet uplinks as shown in FIG. 3. Each node may be one or more Calxeda server boxes each of which has at least one Calxeda™ server system on a chip.


The system may also provide a rigorous security between the management processor cores, such that management processors can “trust” one another. In the example node 900 shown in FIG. 4 (which is described below in more detail), there is a management processor core within each SoC (block 906, FIG. 4). The software running on the management processor is trusted because a) the vendor (in this case Calxeda™) has developed and verified the code, b) non-vendor code is not allowed to run on the processor. Maintaining a Trust relationship between the management processors allow them to communicate commands (e.g. reboot another node) or request sensitive information from another node without worrying that a user could spoof the request and gain access to information or control of the system.


Typically the management processor, block 906, is running an embedded OS, while the multiple processor cores represented by block 905 are more typically running a standard operating system, such as Linux. The management processor would typically use one of the Ethernet MACs, in this case block 907, while the main processors, block 905, would utilize the remaining Ethernet MACs, in this case blocks 902 and 903.


Each routing header unit 901, that may be implemented as a processing unit or processor, prepends routing headers to layer 2 Ethernet frames to form a routing frame going into the fabric switch, and removes the routing headers as they leave the switch and enter standard Ethernet MACs. The routing frame is composed of the routing frame header plus the core part of the Ethernet frame, and is structured as shown in Table 1, below:









TABLE 1







Routing Header Prepended to Layer 2 Frame








Routing Frame



Header
Ethernet Frame Packet















RF Header
MAC
MAC
Ethertype/
Payload
CRC32



destination
Source
Length
(data and







padding)









The routing frame header (RF Header) typically consists of the fields shown in Table 2, below:









TABLE 2







Routing Header Fields










Width



Field
(Bits)
Notes












Domain ID
5
Domain ID associated with this packet. 0




indicates that no domain has been specified.


Mgmt Domain
1
Specifies that the packet is allowed on the




private management domain.


Source Node
12
Source node ID


Source Port
2
0 = MAC0, 1 = MAC1, 2 = MAC_management




processor, 3 = MAC_OUT


Dest Node
12
Desitnation node ID


Dest Port
2
0 = MAC0, 1 = MAC1, 2 = MAC_management




processor, 3 = MAC_OUT


RF Type
2
routing Frame Type (0 = Unicast, 1 = Multicast,




2 = Neighbor Multicast, 3 = Link Directed)


TTL
6
time to Live—# of hops that this frame has




existed. Switch will drop packet if the TTL




threshhold is exceeeded (and notify




management processor of exception).


Broadcast ID
5
Broadcast ID for this source node for this




broadcast packet.


Checksum

Checksum of the frame header fields.


Total
46
+checksum









The Routing Header processor 901 contains a MAC Lookup CAM (Content Addressable Memory) (MCAM), macAddrLookup, that maps from 6 byte MAC addresses to 12-bit Node IDs, as shown in Table 3, below.









TABLE 3







MAC Address CAM (MCAM)










MAC Lookup CAM Input
MAC Lookup CAM Output












Node Local
MAC Address
Node ID
Port ID







1 bit
6 bytes
12 bits
2 bits










The approach to security domain management in the system and method disclosed here is as follows: Support multiple domain IDs within the fabric. Allow each of the MACs within a node (management processor, MAC0, MAC1, Gateway) to be assigned to a domain ID individually (and tagged with domain 0 if not set). Allow each of the MACs within a node to have a bit indicating access to the management domain. The domain IDs associated with a MAC could only be assigned by the management processor, and could not be altered by the A9. For frames generated by MACs (both inside and outside), the routing frame processor would tag the routing frame with the domain ID and management domain state associated with that MAC. Domains would provide the effect of tunnels or VLANs, in that they keep packets (both unicast and multicast) within that domain, allowing MACs outside that domain to be able to neither sniff or spoof those packets. Additionally, this approach would employ a five-bit domain ID. It would add options to control domain processing, such as, for example, a switch with a boolean per MAC that defines whether packets are delivered with non-defined (i.e., zero) domain ID, or a switch that has a boolean per MAC that defines whether packets are delivered with defined (non-zero) but non-matching domain IDs. A further option in the switch could turn off node encoded MAC addresses per MAC (eliminating another style of potential attack vector). Each of these options described in this paragraph are options that are implemented in the fabric switch, controlled by bits in the control status registers (CSRs) of the fabric switch. Software initializes the CSRs to the desired set of options.


To keep management processor to management processor communication secure, the management domain bit on all management processor MACs could be marked. Generally, the management processor should route on domain 1 (by convention). Such a technique allows all the management processor's to tunnel packets on the management domain so that they cannot be inspected or spoofed by any other devices (inside or outside the fabric), on other VLANs or domains. Further, to provide a secure management LAN, a gateway MAC that has the management domain bit set could be assigned, keeping management packets private to the management processor domain. Additionally, the switch fabric could support “multi-tenant” within itself, by associating each gateway MAC with a separate domain. For example, each gateway MAC could connect to an individual port on an outside router, allowing that port to be optionally associated with a VLAN. As the packets come into the gateway, they are tagged with the domain ID, keeping that traffic private to the MACs associated with that domain across the fabric.


Unicast routing is responsible for routing non-multicast (i.e. unicast) packets to the next node. This is done by utilizing a software computed unicastRoute[ ] next node routing table that provides a vector of available links to get to the destination node.


Server Interconnect Fabric Security


The above server fabric and switch fabric can benefit by enhanced security and a number of techniques to leverage and extend upon server interconnect fabrics that have some or all of the characteristics described above to dramatically improve security within a data center are described. The different embodiments implement “packet processing” which may include a wide range of packet processing including, but not limited to: IDS functionality, IPS functionality, sFlow monitoring (wherein sFlow is a specification for monitoring computer networks set forth in an sFlow specification that is RFC 3176) Packet routing or bridging between networks, Deep packet inspection, Packet logging, Transparent VPN encapsulation, Packet encryption/decryption and/or Packet compression/decompression.


Use of Management Processor for Out-of-Band Security


A first embodiment relates to the use of management processor for out-of-band security. The integration of a separate management processor within the same SoC as the core application processors enables new classes of security. The enabling attributes of the management processor include:


Management processor running within Secure world security zone. Application processor running in Normal world security zone, although underlying secure hypervisors on the Application processor may have the ability to run in Secure world.


The management processor by running in Secure world has complete access to all the resources of the SoC including:


processor state of the application processor


debug control of the application processor


access to all memory and peripheral resources of the Soc


This technique allows the management processor running in Secure world to provide Out-of-Band (OOB), as seen by the application processors, communication between nodes to facilitate security/integrity monitoring services. These innovations include:


Since the management processor can access all SoC RAM, management processors on different nodes can compare portions of the DRAM on their nodes to identify unexpected changes to memory regions that are expected to not vary over time.


This facilitates not only security use cases, but also a dynamic fault discovery use case.


Live capture of a node's memory image, or parts of it, or signatures of it, for any purpose—troubleshooting, forensics, image migration, hibernation, by other management or application processors, or even by external systems. This OOB peek mechanism could be used to facilitate malware detection from a central location utilizing a management controller that just answers requests to fetch portions of memory, offloading the analysis to a computer with more resources.


This allows the malware detection engine to be free from modification attempts by malware—there isn't anything the malware can do to disable the “anti-virus” detection since the mechanisms are completely OOB and protected from the application processors.


Can be used in combination with code running on the application processor—application whitelisting, for example. The application processor can request the management processor to verify the authenticity of some code before running it. This should be more secure than white-listing code running in the kernel on the application processor, which is the current technique being used.


Isolation of Nodes that have been Security Compromised or are Malfunctioning


The second embodiment relates to the isolation of nodes that have been security compromised or are malfunctioning. There are cases where, though other known techniques not described herein, a determination has been made that a node needs to be isolated, including:


A security violation has been detected on a node, including a compromised OS kernel, a root kit, or a damaging virus.


There are also failure modes, both hardware and software, that could cause a node to fail in such a way that it is causing disruptive traffic on the server fabric.


Compromise detection is software driven, can come from any source including failures in remote attestation, malware detection, IPS/IDS built into the fabric, or external, manual operator control, management processor DRAM monitoring as discussed in Disclosure 9, and by other known means.


The following techniques can be used to isolate offending nodes:


The management processor can power off the application processor, or the offending peripheral.


The management processor can alter the security zone settings to software isolate the offending device or processor.


The management processor can alter the fabric MCAM, routing tables, or gateway node IDs to prevent the fabric from emitting potentially compromised packets into the fabric.


Use the Management Processor to Provide Controller/Device Virtualization for the Application Processors


The third embodiment relates to the use of the management processor to provide controller/device virtualization for the application processors. The management processor can be used to provide controller or device virtualization for the application processor for both local and remote devices using the following technique:


Use TrustZone or similar security zones to block access to a device from the application processors, and then have the application processor communicate to the management processor to access it. For example, the application processor could send a NAND read request to the management processor via IPC (Inter-Processor Communication channel), the management processor could approve or disapprove it, and then forward the request to the NAND controller protected in Secure world. The management processor can then return the status of the request to the application processor via IPC. This mechanism can be similarly used for other forms of access control and logging.


A network firewall, IPS, or IDS can also be implemented via this technique. The management processor can inspect packets before forwarding them to a MAC that is protected via Secure World.


Trusted Platform Module (TPM) services can similarly be provided by the management processor.


The management processor can take advantage of the server fabric when deciding what to do with requests to access devices—request remote authorization for example.


The management processor could log requests either locally or remotely.


Using the Management Processor to Provide a Secure Logging Path


The fourth embodiment relates to using the management processor to provide a secure logging path since keeping logs secure for audits is a significant aspect of most regulatory/financial compliance requirements. This can be accomplished using the following technique:


In traditional systems, the application processor would rely on logging to local storage, network storage, or communicating logging data to a remote server. With this technique, the application processor can send log messages securely to the management processor.


The logging mechanism of the management processor is thus completely decoupled and secured from the application processor.


The management processor then has multiple options for persisting the secured logging, including:


Logging to a central log server via it's secure management fabric domain


Log locally to private storage to the management processor


Log to other storage subsystems protected in the Secure trust world, not accessible to the application processor.


Use the Management Processor to Provide a Secure Auditing Path


The fifth embodiment relates to the use of the management processor to provide a secure auditing path. Instead of relying on the main network domain to the application processor to perform audits of systems, this technique will utilize the management domain to secure the audit processes.


Allows network audits to be done securely, in secure network paths.


As an example, part of an audit may be to perform a port scan of a system. This is relatively low bandwidth—instead of talking directly to the application processor over its normal data path, the request can be proxied via the management processor in a network-proxy type fashion.


In one implementation, the management processor can do this is a ‘dumb’ method, using techniques such as SNAT (secure network address translation) to ensure the responses are routed back through the management processor instead of out over the fabric.


Or the management processor can have local auditing control. An example of this implementation may include responding to a port scan request and generate the port scan traffic itself. An additional example is logging in via ssh to verify logs, file integrity, permission integrity, or similar auditing tasks.


Use the Management Processor to Provide Out-of-Band (OOB) Network Access to the Application Processor


The sixth embodiment relates to the use of the management processor to provide out-of-band (OOB) network access to the application processor. This technique extends the technique described above by using the management processor as a NATing router using the following technique:


An application processor may use a Ethernet controller (say MAC0) to communicate in its main ‘data path’—traffic sent out it is routed out via the fabric like normal, at line rate, not touched by the management processor.


An application processor can further use a second Ethernet controller (say MAC1) to communicate with external hosts via the management processor.


An extra MAC address can be associated with a node's management processor's MAC port so that any traffic sent to either of two MAC addresses goes to that port.


One of the MAC addresses can be used for normal IP traffic for the management processor.


The other can be recognized by special software on the management processor as being destined for the application processor.


The management processor can then do a NAT type change of the destination


MAC address of the packet so that the fabric switch will route it to MAC1, where the application processor will receive it. It can also change the source MAC address to the original destination MAC address of the packet, so that a response to the source MAC address will also be directed to the management processor's MAC.


The application processor side won't need any special software to support this.


Could potentially do this on not just the local application processor, but also over the fabric to other nodes. Could use a second application processor instead of the local management processor in that implementation.


Dynamic Security Zones for DMA Masters


The seventh embodiment relates to dynamic security zones for direct memory access (DMA) masters. With the ARM TrustZone implementation, as well as other security zone implementations, the DMA Masters, including independent DMA controllers as well as those found embedded in peripheral IP such as disk and ethernet controllers, are configured to either respond to the Secure world or the Normal world. IP vendors either hardwire this setting and don't allow you to change it, or offer a parameter to set it one-way permanently. The following technique extends the fixed relationship of DMA Master's to security zones:


A security zone register is added between the internal SoC fabric and each DMA master.


The security zone register is itself protected in Secure world so that untrusted master's can change it.


The security zone register provides the current security zone to the internal SoC fabric for that transaction.


This enables use cases including:


Static configuration of DMA master security zones at boot time. If a thread running in Normal world attempts to access a DMA master that is configured in Secure world than the thread will get an equivalent of a bus abort.


Ability for trusted hypervisors running in Secure world to dynamically change the visibility of DMA master's depending. This allows for some guest OS's to be able to directly access a DMA master while other's won't have visibility to it.


Secure Boot-Loading of the Application Processor by the Management Processor


The eighth embodiment relates to secure boot-loading of the application processor by the management processor. The management processor can bootstrap the application processor by preloading the application processor's boot-loader into DRAM prior to releasing the application processor from reset. This allows the management processor to completely control the contents of the application processors boot-loader, including whether or not the application processor exits secure world immediately and permanently, whether the application processor can selectively enter secure mode, and which interrupts it can service in secure mode only. It also allows the application processor's boot-loader to be cryptographically verified prior to loading it, to ensure the integrity of the boot-loader, or to insure the boot loader was signed by a proper authority. It also allows the application processor's boot loader to be stored in a location inaccessible to the application processor itself, which prevents the application processor from modifying it, while still allowing it to be updated via the management processor's secure channels. The management processor can use its secure management fabric domain to source the application processor's boot-loader dynamically on demand, or can retrieve new versions of it that can be stored in local non-volatile memory.


DMA Master Configurable Coherency


The ninth embodiment relates to DMA master configurable coherency. In traditional SoC implementations, a DMA master is designed to be either cache-coherent, or non-coherent. This design usually includes the following characteristics:


For a cache-coherent implementation, the DMA master is connected to a cache-coherency controller. As an example, in one ARM implementation, the DMA master would be connected via AXI to the Accelerator Coherency Port.


For a non-cache coherent implementation, the DMA master is connected via the SoC internal fabric directly to the memory subsystem, bypassing the caching subsystem.


Other common implementation details include design configuration of the DMA master on cacheability configuration.


Using the technique of this embodiment, a DMA master may be dynamically configured as either coherent or non-coherent using the following technique:


A software controlled multiplexer may be defined to map the DMA Master to either a coherent port on the cache coherency controller, or directly to the memory subsystem, bypassing the caching subsystem.


Software controlled register over-rides any hardwired cacheability settings found in the DMA Master IP, so cacheability can be altered when switching between the coherent and non-coherent configuration.


The cache-coherent and non-coherent interfaces to a DMA controller can affect both the ease of writing the device driver and the resulting performance. But, these tradeoffs can vary by operating system, implementation of the device driver, as well as the devices connected to the DMA master.


This technique allows a specific hardware/software/system implementation to be optimized at boot-time, rather than hard-wiring the DMA Master coherency decision at SoC design time.


While the foregoing has been with reference to a particular embodiment of the disclosure, it will be appreciated by those skilled in the art that changes in this embodiment may be made without departing from the principles and spirit of the disclosure, the scope of which is defined by the appended claims.

Claims
  • 1. A method comprising: interconnecting nodes in a network, wherein each of the nodes includes a management processor, an application processor, and a routing header unit;generating management information by the management processors in the interconnected nodes;attaching a routing header to the management information to form a management information routing frame, wherein the routing header includes a management processor domain indicator which specifies that the management information routing frame is to remain within a management processor domain during routing,determining a node in the network requires isolation from other nodes in the network; andisolating the node determined to require isolation by a management processor corresponding to the node powering off an application processor for the node.
  • 2. The method of claim 1, wherein the management processor domain comprises the management processors but not the application processors.
  • 3. The method of claim 1, further comprising: running the management processors within a security zone; andrunning the application processors within a normal security zone.
  • 4. The method of claim 1, further comprising running, by the management processors, verified code.
  • 5. The method of claim 1, further comprising communicating, by the management processors, sensitive information with one another.
  • 6. The method of claim 1, further comprising providing, by the management processors, out-of-band security for the nodes.
  • 7. A system on a chip (SoC) node comprising: a management processor configured to generate management information;an application processor coupled to the management processor;a routing header unit configured to attach a routing header to the management information to form a management information routing frame, wherein the routing header includes a management processor domain indicator which specifies that the management information routing frame is to remain within a management processor domain during routing;determine a node in the network requires isolation from other nodes in the network; andisolate the node determined to require isolation by a management processor corresponding to the node powering off an application processor for the node.
  • 8. The SoC node of claim 7, wherein the management processor is further configured to run within a security zone, and wherein the application processor is configured to run within a normal security zone.
  • 9. The SoC node of claim 7, further comprising a media access control (MAC) associated with the management processor, wherein the MAC is configured to form a MAC packet for the management information, and wherein the routing header unit is further configured to attach the routing header to the MAC packet.
  • 10. The SoC node of claim 7, wherein the management processor runs an embedded operating system (OS), and wherein the application processor runs a standard OS.
  • 11. The SoC node of claim 7, wherein the management processor domain indicator is one bit.
  • 12. The SoC node of claim 7, wherein the management processor is in the management processor domain, and wherein the application processor is not in the management processor domain.
  • 13. A system on a chip (SoC) node fabric comprising: nodes interconnected to each other to form a fabric, wherein each node includes:a management processor configured to generate management information;an application processor coupled to the management processor; anda routing header unit configured to attach a routing header to the management information to form a management information routing frame, wherein the routing header comprises a management processor domain indicator which specifies that the management information routing frame is to remain within a management processor domain during routing;determine a node in the network requires isolation from other nodes in the network; andisolate the node determined to require isolation by a management processor corresponding to the node powering off an application processor for the node.
  • 14. The SoC node fabric of claim 13, wherein the management processors run within a security zone, and wherein the application processors run within a normal security zone.
  • 15. The SoC node fabric of claim 13, wherein the management processor domain comprises the management processors but not the application processors.
  • 16. The SoC node fabric of claim 13, wherein the management processors are further configured to run verified code thereon.
  • 17. The SoC node fabric of claim 13, wherein the management processors provide out-of-band security for the nodes.
  • 18. The SoC node fabric of claim 13, wherein the management processor domain comprises a gateway media access control (MAC).
CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

This application is a Continuation of U.S. application Ser. No. 14/334,178, filed Jul. 17, 2014, which is a Continuation of U.S. application Ser. No. 13/475,722, filed May 18, 2012, which claims priority from Provisional application U.S. Application 61/489,569, filed May 24, 2011; U.S. application Ser. No. 13/475,722 is also a Continuation-In-Part of U.S. application Ser. No. 12/794,996, filed Jun. 7, 2010, which claims priority from Provisional application U.S. Application 61/256,723, filed Oct. 30, 2009, all of which are incorporated herein by reference in their entirety.

US Referenced Citations (365)
Number Name Date Kind
5451936 Yang et al. Sep 1995 A
5594908 Hyatt Jan 1997 A
5623641 Kadoyashiki Apr 1997 A
5781187 Gephardt et al. Jul 1998 A
5901048 Hu May 1999 A
5908468 Hartmann Jun 1999 A
5968176 Nessett et al. Oct 1999 A
5971804 Gallagher et al. Oct 1999 A
6055618 Thorson Apr 2000 A
6141214 Ahn Oct 2000 A
6181699 Crinion et al. Jan 2001 B1
6192414 Horn Feb 2001 B1
6198741 Yoshizawa et al. Mar 2001 B1
6252878 Locklear Jun 2001 B1
6314487 Hahn et al. Nov 2001 B1
6314501 Gulick et al. Nov 2001 B1
6373841 Goh et al. Apr 2002 B1
6442137 Yu et al. Aug 2002 B1
6446192 Narasimhan et al. Sep 2002 B1
6452809 Jackson et al. Sep 2002 B1
6507586 Satran et al. Jan 2003 B1
6556952 Magro Apr 2003 B1
6574238 Thrysoe Jun 2003 B1
6661671 Franke et al. Dec 2003 B1
6711691 Howard et al. Mar 2004 B1
6766389 Hayter et al. Jul 2004 B2
6813676 Henry et al. Nov 2004 B1
6816750 Klaas Nov 2004 B1
6842430 Melnik Jan 2005 B1
6857026 Cain Feb 2005 B1
6963926 Robinson Nov 2005 B1
6963948 Gulick Nov 2005 B1
6977939 Joy et al. Dec 2005 B2
6988170 Barroso et al. Jan 2006 B2
6990063 Lenoski et al. Jan 2006 B1
7020695 Kundu et al. Mar 2006 B1
7032119 Fung Apr 2006 B2
7080078 Slaughter et al. Jul 2006 B1
7080283 Songer et al. Jul 2006 B1
7095738 Desanti Aug 2006 B1
7119591 Lin Oct 2006 B1
7143153 Black et al. Nov 2006 B1
7165120 Giles et al. Jan 2007 B1
7170315 Bakker et al. Jan 2007 B2
7180866 Chartre et al. Feb 2007 B1
7203063 Bash et al. Apr 2007 B2
7257655 Burney et al. Aug 2007 B1
7263288 Islam Aug 2007 B1
7274705 Chang et al. Sep 2007 B2
7278582 Siegel et al. Oct 2007 B1
7310319 Awsienko et al. Dec 2007 B2
7325050 O'Connor et al. Jan 2008 B2
7337333 O'Conner et al. Feb 2008 B2
7340777 Szor Mar 2008 B1
7353362 Georgiou et al. Apr 2008 B2
7382154 Ramos et al. Jun 2008 B2
7386888 Liang et al. Jun 2008 B2
7418534 Hayter et al. Aug 2008 B2
7437540 Paolucci et al. Oct 2008 B2
7447147 Nguyen et al. Nov 2008 B2
7447197 Terrell et al. Nov 2008 B2
7466712 Makishima et al. Dec 2008 B2
7467306 Cartes et al. Dec 2008 B2
7467358 Kang et al. Dec 2008 B2
7502884 Shah et al. Mar 2009 B1
7519843 Buterbaugh et al. Apr 2009 B1
7555666 Brundridge et al. Jun 2009 B2
7583661 Chaudhuri Sep 2009 B2
7586841 Vasseur Sep 2009 B2
7596144 Pong Sep 2009 B2
7599360 Edsall et al. Oct 2009 B2
7606225 Xie et al. Oct 2009 B2
7606245 Ma et al. Oct 2009 B2
7616646 Ma et al. Nov 2009 B1
7620057 Aloni et al. Nov 2009 B1
7644215 Wallace et al. Jan 2010 B2
7657677 Huang et al. Feb 2010 B2
7657756 Hall Feb 2010 B2
7660922 Harriman Feb 2010 B2
7664110 Lovett Feb 2010 B1
7673164 Agarwal Mar 2010 B1
7710936 Morales Barroso May 2010 B2
7719834 Miyamoto et al. May 2010 B2
7721125 Fung May 2010 B2
7751433 Dollo et al. Jul 2010 B2
7760720 Pullela et al. Jul 2010 B2
7761687 Blumrich et al. Jul 2010 B2
7783910 Felter et al. Aug 2010 B2
7791894 Bechtolsheim Sep 2010 B2
7792113 Foschiano et al. Sep 2010 B1
7796399 Clayton et al. Sep 2010 B2
7801132 Ofek et al. Sep 2010 B2
7802017 Uemura et al. Sep 2010 B2
7805575 Agarwal et al. Sep 2010 B1
7831839 Hatakeyama Nov 2010 B2
7840703 Arimilli et al. Nov 2010 B2
7865614 Lu et al. Jan 2011 B2
7925795 Tamir et al. Apr 2011 B2
7934005 Fascenda Apr 2011 B2
7970929 Mahalingaiah Jun 2011 B1
7975110 Spaur et al. Jul 2011 B1
7991817 Dehon et al. Aug 2011 B2
7991922 Hayter et al. Aug 2011 B2
7992151 Warrier et al. Aug 2011 B2
8019832 De Sousa et al. Sep 2011 B2
8060760 Shetty et al. Nov 2011 B2
8060775 Sharma et al. Nov 2011 B1
8082400 Chang et al. Dec 2011 B1
8108508 Goh et al. Jan 2012 B1
8122269 Houlihan et al. Feb 2012 B2
8132034 Lambert et al. Mar 2012 B2
8155113 Agarwal Apr 2012 B1
8156362 Branover et al. Apr 2012 B2
8165120 Maruccia et al. Apr 2012 B2
8170040 Konda May 2012 B2
8180996 Fullerton et al. May 2012 B2
8189612 Lemaire et al. May 2012 B2
8194659 Ban Jun 2012 B2
8199636 Rouyer et al. Jun 2012 B1
8205103 Kazama et al. Jun 2012 B2
8379425 Fukuoka et al. Feb 2013 B2
8397092 Karnowski Mar 2013 B2
8407428 Cheriton et al. Mar 2013 B2
8504791 Cheriton et al. Aug 2013 B2
RE44610 Krakirian et al. Nov 2013 E
8599863 Davis Dec 2013 B2
8684802 Gross et al. Apr 2014 B1
8738860 Griffin et al. May 2014 B1
8745275 Ikeya et al. Jun 2014 B2
8745302 Davis et al. Jun 2014 B2
8782321 Harriman et al. Jul 2014 B2
8812400 Faraboschi et al. Aug 2014 B2
8824485 Biswas et al. Sep 2014 B2
8854831 Arnouse Oct 2014 B2
8903964 Breslin Dec 2014 B2
9008079 Davis et al. Apr 2015 B2
9075655 Davis et al. Jul 2015 B2
9311269 Davis et al. Apr 2016 B2
9465771 Davis et al. Oct 2016 B2
20010046227 Matsuhira et al. Nov 2001 A1
20020004912 Fung Jan 2002 A1
20020040391 Chaiken et al. Apr 2002 A1
20020083352 Fujimoto et al. Jun 2002 A1
20020097732 Worster et al. Jul 2002 A1
20020107903 Richter et al. Aug 2002 A1
20020124128 Qiu Sep 2002 A1
20020159452 Foster et al. Oct 2002 A1
20020161917 Shapiro et al. Oct 2002 A1
20020172205 Tagore-Brage et al. Nov 2002 A1
20020186656 Vu Dec 2002 A1
20020194412 Bottom Dec 2002 A1
20020196611 Ho et al. Dec 2002 A1
20030007493 Oi et al. Jan 2003 A1
20030033547 Larson et al. Feb 2003 A1
20030041266 Ke et al. Feb 2003 A1
20030076832 Ni Apr 2003 A1
20030093255 Freyensee et al. May 2003 A1
20030093624 Arimilli et al. May 2003 A1
20030110262 Hasan et al. Jun 2003 A1
20030140190 Mahony et al. Jul 2003 A1
20030158940 Leigh Aug 2003 A1
20030159083 Fukuhara et al. Aug 2003 A1
20030172191 Williams Sep 2003 A1
20030188083 Kumar et al. Oct 2003 A1
20030193402 Post et al. Oct 2003 A1
20030202520 Witkowski et al. Oct 2003 A1
20030231624 Alappat et al. Dec 2003 A1
20040013113 Singh et al. Jan 2004 A1
20040017806 Yazdy et al. Jan 2004 A1
20040017808 Forbes et al. Jan 2004 A1
20040030938 Barr et al. Feb 2004 A1
20040068676 Larson et al. Apr 2004 A1
20040111612 Choi et al. Jun 2004 A1
20040141521 George Jul 2004 A1
20040165588 Pandya Aug 2004 A1
20040210693 Zeitler et al. Oct 2004 A1
20040215864 Arimilli et al. Oct 2004 A1
20040215991 McAfee et al. Oct 2004 A1
20040267486 Percer et al. Dec 2004 A1
20050015378 Gammel et al. Jan 2005 A1
20050018604 Dropps et al. Jan 2005 A1
20050018606 Dropps et al. Jan 2005 A1
20050018663 Dropps et al. Jan 2005 A1
20050021606 Davies et al. Jan 2005 A1
20050021728 Sugimoto Jan 2005 A1
20050030954 Dropps et al. Feb 2005 A1
20050033742 Kamvar et al. Feb 2005 A1
20050033890 Lee Feb 2005 A1
20050044195 Westfall Feb 2005 A1
20050077921 Percer et al. Apr 2005 A1
20050105538 Perera et al. May 2005 A1
20050141424 Lim Jun 2005 A1
20050228852 Santos et al. Oct 2005 A1
20050240688 Moerman et al. Oct 2005 A1
20060002311 Iwanaga Jan 2006 A1
20060013218 Shore et al. Jan 2006 A1
20060023245 Sato et al. Feb 2006 A1
20060029053 Roberts et al. Feb 2006 A1
20060090025 Tufford et al. Apr 2006 A1
20060136570 Pandya Jun 2006 A1
20060140211 Huang et al. Jun 2006 A1
20060174342 Zaheer et al. Aug 2006 A1
20060179241 Clark Aug 2006 A1
20060236371 Fish Oct 2006 A1
20060248359 Fung Nov 2006 A1
20060259734 Sheu et al. Nov 2006 A1
20060265609 Fung Nov 2006 A1
20070006001 Isobe et al. Jan 2007 A1
20070047195 Merkin et al. Mar 2007 A1
20070076653 Park et al. Apr 2007 A1
20070081315 Mondor et al. Apr 2007 A1
20070094486 Moore et al. Apr 2007 A1
20070109968 Hussain et al. May 2007 A1
20070130397 Tsu Jun 2007 A1
20070174390 Silvain et al. Jul 2007 A1
20070180310 Johnson et al. Aug 2007 A1
20070209072 Chen Sep 2007 A1
20070226795 Conti et al. Sep 2007 A1
20070280230 Park Dec 2007 A1
20070286009 Norman Dec 2007 A1
20070288585 Sekiguchi et al. Dec 2007 A1
20080013453 Chiang et al. Jan 2008 A1
20080040463 Brown et al. Feb 2008 A1
20080052437 Loffink et al. Feb 2008 A1
20080059782 Kruse et al. Mar 2008 A1
20080075089 Evans et al. Mar 2008 A1
20080089358 Basso et al. Apr 2008 A1
20080104264 Duerk et al. May 2008 A1
20080140771 Vass et al. Jun 2008 A1
20080140930 Hotchkiss Jun 2008 A1
20080159745 Segal Jul 2008 A1
20080162691 Zhang et al. Jul 2008 A1
20080183882 Flynn et al. Jul 2008 A1
20080186965 Zheng et al. Aug 2008 A1
20080199133 Takizawa et al. Aug 2008 A1
20080212273 Bechtolsheim Sep 2008 A1
20080212276 Bottom et al. Sep 2008 A1
20080217021 Lembcke et al. Sep 2008 A1
20080222434 Shimizu et al. Sep 2008 A1
20080235443 Chow et al. Sep 2008 A1
20080239649 Bradicich et al. Oct 2008 A1
20080243634 Dworkin et al. Oct 2008 A1
20080250181 Li et al. Oct 2008 A1
20080259555 Bechtolsheim et al. Oct 2008 A1
20080259788 Wang et al. Oct 2008 A1
20080266793 Lee Oct 2008 A1
20080270599 Tamir et al. Oct 2008 A1
20080288660 Balasubramanian et al. Nov 2008 A1
20080288664 Pettey et al. Nov 2008 A1
20080288683 Ramey Nov 2008 A1
20080301794 Lee Dec 2008 A1
20080310848 Yasuda et al. Dec 2008 A1
20080313369 Verdoorn et al. Dec 2008 A1
20080320161 Maruccia et al. Dec 2008 A1
20090021907 Mann et al. Jan 2009 A1
20090044036 Merkin Feb 2009 A1
20090063443 Arimilli et al. Mar 2009 A1
20090064287 Bagepalli et al. Mar 2009 A1
20090080428 Witkowski et al. Mar 2009 A1
20090097200 Sharma et al. Apr 2009 A1
20090113130 He et al. Apr 2009 A1
20090133129 Jeong et al. May 2009 A1
20090135751 Hodges et al. May 2009 A1
20090135835 Gallatin et al. May 2009 A1
20090158070 Gruendler Jun 2009 A1
20090172423 Song et al. Jul 2009 A1
20090198958 Arimilli et al. Aug 2009 A1
20090204834 Hendin et al. Aug 2009 A1
20090204837 Raval et al. Aug 2009 A1
20090216920 Lauterbach et al. Aug 2009 A1
20090219827 Chen et al. Sep 2009 A1
20090222884 Shaji et al. Sep 2009 A1
20090225751 Koenck et al. Sep 2009 A1
20090235104 Fung Sep 2009 A1
20090248943 Jiang et al. Oct 2009 A1
20090251867 Sharma et al. Oct 2009 A1
20090259863 Williams et al. Oct 2009 A1
20090259864 Li et al. Oct 2009 A1
20090265045 Coxe, III Oct 2009 A1
20090271656 Yokota et al. Oct 2009 A1
20090276666 Haley et al. Nov 2009 A1
20090279518 Falk et al. Nov 2009 A1
20090282274 Langgood et al. Nov 2009 A1
20090282419 Mejdrich et al. Nov 2009 A1
20090313390 Ahuja et al. Dec 2009 A1
20100005331 Somasundaram et al. Jan 2010 A1
20100008038 Coglitore Jan 2010 A1
20100008365 Porat Jan 2010 A1
20100026408 Shau Feb 2010 A1
20100040053 Gottumukkula et al. Feb 2010 A1
20100049822 Davies et al. Feb 2010 A1
20100051391 Jahkonen Mar 2010 A1
20100106987 Lambert et al. Apr 2010 A1
20100118880 Kunz et al. May 2010 A1
20100125742 Ohtani May 2010 A1
20100125915 Hall et al. May 2010 A1
20100138481 Behrens Jun 2010 A1
20100158005 Mukhopadhyay et al. Jun 2010 A1
20100161909 Nation et al. Jun 2010 A1
20100165983 Aybay et al. Jul 2010 A1
20100169479 Jeong et al. Jul 2010 A1
20100198972 Umbehocker Aug 2010 A1
20100198985 Kanevsky et al. Aug 2010 A1
20100218194 Dallman et al. Aug 2010 A1
20100220732 Hussain et al. Sep 2010 A1
20100250914 Abdul et al. Sep 2010 A1
20100265650 Chen et al. Oct 2010 A1
20100281246 Bristow et al. Nov 2010 A1
20100299548 Chadirchi et al. Nov 2010 A1
20100308897 Evoy et al. Dec 2010 A1
20100312910 Lin et al. Dec 2010 A1
20100312969 Yamazaki et al. Dec 2010 A1
20100318812 Auradkar et al. Dec 2010 A1
20110023104 Franklin Jan 2011 A1
20110026397 Saltsidis et al. Feb 2011 A1
20110029652 Chhuor et al. Feb 2011 A1
20110058573 Balakavi et al. Mar 2011 A1
20110075369 Sun et al. Mar 2011 A1
20110090633 Rabinovitz Apr 2011 A1
20110103391 Davis et al. May 2011 A1
20110113115 Chang et al. May 2011 A1
20110119344 Eustis May 2011 A1
20110123014 Smith May 2011 A1
20110138046 Bonnier et al. Jun 2011 A1
20110185370 Tamir et al. Jul 2011 A1
20110191514 Wu et al. Aug 2011 A1
20110191610 Agarwal et al. Aug 2011 A1
20110197012 Liao et al. Aug 2011 A1
20110210975 Wong et al. Sep 2011 A1
20110239014 Karnowski Sep 2011 A1
20110271159 Ahn et al. Nov 2011 A1
20110273840 Chen Nov 2011 A1
20110295991 Aida Dec 2011 A1
20110296141 Daffron Dec 2011 A1
20110320690 Petersen et al. Dec 2011 A1
20120011500 Faraboschi et al. Jan 2012 A1
20120020207 Corti et al. Jan 2012 A1
20120050981 Xu et al. Mar 2012 A1
20120054469 Ikeya et al. Mar 2012 A1
20120054511 Brinks et al. Mar 2012 A1
20120081850 Regimbal et al. Apr 2012 A1
20120096211 Davis et al. Apr 2012 A1
20120099265 Reber Apr 2012 A1
20120131201 Matthews et al. May 2012 A1
20120155168 Kim et al. Jun 2012 A1
20120198252 Kirschtein et al. Aug 2012 A1
20120207165 Davis Aug 2012 A1
20120297042 Davis et al. Nov 2012 A1
20130010639 Armstrong et al. Jan 2013 A1
20130024645 Cheriton et al. Jan 2013 A1
20130031331 Cheriton et al. Jan 2013 A1
20130058250 Casado et al. Mar 2013 A1
20130094499 Davis et al. Apr 2013 A1
20130097448 Davis et al. Apr 2013 A1
20130111107 Chang et al. May 2013 A1
20130148667 Hama et al. Jun 2013 A1
20130163605 Chandra et al. Jun 2013 A1
20130290643 Lim et al. Oct 2013 A1
20130290650 Chang et al. Oct 2013 A1
20130318269 Dalal et al. Nov 2013 A1
20140122833 Davis et al. May 2014 A1
20140359044 Davis et al. Dec 2014 A1
20140365596 Kanevsky et al. Dec 2014 A1
20150039840 Chandra et al. Feb 2015 A1
20150103826 Davis Apr 2015 A1
Foreign Referenced Citations (9)
Number Date Country
2005-223753 Aug 2005 JP
2005-536960 Dec 2005 JP
M377621 Apr 2010 TW
201017430 May 2010 TW
WO-2004021641 Mar 2004 WO
WO-2005013143 Feb 2005 WO
WO-2008000193 Jan 2008 WO
WO-2011044271 Apr 2011 WO
WO-2012037494 Mar 2012 WO
Non-Patent Literature Citations (125)
Entry
Advanced Switching Technology Tech Brief, published 2005, 2 pages.
Chapter 1 Overview of the Origin Family Architecture from Origin and Onyx2 Theory of Operations Manual, published 1997, 18 pages.
Cisco MDS 9000 Family Multiprotocol Services Module, published 2006, 13 pages.
Comparing the I2C Bus to the SMBUS, Maxim Integrated, Dec. 1, 2000, p. 1.
Das et al., “Unifying Packet and Circuit Switched Networks,” IEEE Globecom Workshops 2009, Nov. 30, 2009, pp. 1-6.
Deering, “IP Multicast Extensions for 4.3BSD UNIX and related Systems,” Jun. 1999, 5 pages.
Elghany et al., “High Throughput High Performance NoC Switch,” NORCHIP 2008, Nov. 2008, pp. 237-240.
Extended European Search Report for EP 10827330.1, dated Jun. 5, 2013.
Final Office Action on U.S. Appl. No. 12/889,721, dated Apr. 17, 2014.
Final Office Action on U.S. Appl. No. 13/234,054, dated Jan. 26, 2016.
Final Office Action on U.S. Appl. No. 13/692,741, dated Mar. 11, 2015.
Final Office Action on U.S. Appl. No. 12/794,996, dated Jun. 19, 2013.
Final Office Action on U.S. Appl. No. 12/889,721 dated Aug. 2, 2016.
Final Office Action on U.S. Appl. No. 12/889,721, dated May 22, 2015.
Final Office Action on U.S. Appl. No. 13/234,054, dated Apr. 16, 2015.
Final Office Action on U.S. Appl. No. 13/475,713, dated Oct. 17, 2014.
Final Office Action on U.S. Appl. No. 13/475,722, dated Oct. 20, 2014.
Final Office Action on U.S. Appl. No. 13/527,498, dated Nov. 17, 2014.
Final Office Action on U.S. Appl. No. 13/527,505, dated Dec. 5, 2014.
Final Office Action on U.S. Appl. No. 13/624,725 dated Mar. 10, 2016.
Final Office Action on U.S.Appl. No. 13/624,725, dated Nov. 13, 2013.
Final Office Action on U.S. Appl. No. 13/624,731, dated Jul. 25, 2014.
Final Office Action on U.S. Appl. No. 13/662,759, dated Feb. 22, 2016.
Final Office Action on U.S. Appl. No. 13/705,340, dated Aug. 2, 2013.
Final Office Action on U.S. Appl. No. 13/705,414, dated Aug. 9, 2013.
Final Office Action on U.S. Appl. No. 13/728,428 dated May 6, 2016.
Final Office Action on U.S. Appl. No. 14/052,723, dated Dec. 3, 2015.
Final Office Action on U.S. Appl. No. 14/106,697 dated Feb. 2, 2016.
Final Office Action on U.S. Appl. No. 14/106,698, dated Aug. 19, 2015.
Final Office Action on U.S. Appl. No. 14/334,178, dated Nov. 4, 2015.
Final Office Action on U.S. Appl. No. 14/334,931, dated Jul. 9, 2015.
Final Office Action on U.S. Appl. No. 13/624,731, dated Nov. 12, 2013.
fpga4fun.com,“What is JTAG?”, 2 pages, Jan. 31, 2010.
From AT to BTX: Motherboard Form Factor, Webopedia, Apr. 29, 2005, p. 1.
Grecu et al., “A Scalable Communication-Centric SoC Interconnect Architecture” Proceedings 5th International Symposium on Quality Electronic Design, 2005, pp. 343, 348 (full article included).
Hossain et al., “Extended Butterfly Fat Tree Interconnection (EFTI) Architecture for Network on CHIP,” 2005 IEEE Pacific Rim Conference on Communicatinos, Computers and Signal Processing, Aug. 2005, pp. 613-616.
HP Virtual Connect Traffic Flow—Technology brief, Jan. 2012, 22 pages.
International Preliminary Report on Patentability for PCT/US2009/044200, dated Nov. 17, 2010.
International Preliminary Report on Patentability for PCT/US2012/038986, dated Nov. 26, 2013.
International Preliminary Report on Patentability for PCT/US2012/061747, dated Apr. 29, 2014.
International Preliminary Report on Patentability issued on PCT/US12/62608, dated May 6, 2014.
International Search Report and Written Opinion for PCT/US12/38987, dated Aug. 16, 2012.
International Search Report and Written Opinion for PCT/US12/61747, dated Mar. 1, 2013.
International Search Report and Written Opinion for PCT/US12/62608, dated Jan. 18, 2013.
International Search Report and Written Opinion for PCT/US2010/053227, dated May 10, 2012.
International Search Report and Written Opinion for PCT/US2011/051996, dated Jan. 19, 2012.
International Search Report and Written Opinion on PCT/US09/44200, dated Jul. 1, 2009.
International Search Report and Written Opinion on PCT/US12/038986, dated Mar. 14, 2013.
Jansen et al., “SATO-IO to Develop Specification for Mini Interface Connector” Press Release Sep. 21, 2009, Serial ATA3 pages.
Nawathe et al., “Implementation of an 8-Core, 64-Thread, Power Efficient, SPARC Server on a Chip”, IEEE Journal of Solid-State Circuits, vol. 43, No. 1, Jan. 2008, pp. 6-20.
Non-Final Action on U.S. Appl. No. 13/728,362, dated Feb. 21, 2014.
Non-Final Office Action on U.S. Appl. No. 14/334,178 dated Dec. 18, 2015.
Non-Final Office Action on U.S. Appl. No. 12/889,721, dated Feb. 24, 2016.
Non-Final Office Action on U.S. Appl. No. 12/889,721, dated Jul. 2, 2013.
Non-Final Office Action on U.S. Appl. No. 13/475,722, dated Jan. 17, 2014.
Non-Final Office Action on U.S. Appl. No. 12/794,996, dated Sep. 17, 2012.
Non-Final Office Action on U.S. Appl. No. 12/889,721, dated Oct. 11, 2012.
Non-Final Office Action on U.S. Appl. No. 12/889,721, dated Sep. 29, 2014.
Non-Final Office Action on U.S. Appl. No. 13/234,054 dated Oct. 20, 2016.
Non-Final Office Action on U.S. Appl. No. 13/234,054, dated Oct. 23, 2014.
Non-Final Office Action on U.S. Appl. No. 13/234,054, dated Aug. 6, 2015.
Non-Final Office Action on U.S. Appl. No. 13/284,855, dated Dec. 19, 2013.
Non-Final Office Action on U.S. Appl. No. 13/453,086, dated Mar. 12, 2013.
Non-Final Office Action on U.S. Appl. No. 13/475,713, dated Apr. 1, 2014.
Non-Final Office Action on U.S. Appl. No. 13/527,505, dated May 8, 2014.
Non-Final Office Action on U.S. Appl. No. 13/527,498, dated May 8, 2014.
Non-Final Office Action on U.S. Appl. No. 13/624,725, dated Jan. 10, 2013.
Non-Final Office Action on U.S. Appl. No. 13/624,725, dated Apr. 23, 2015.
Non-final office action on U.S. Appl. No. 13/624,731 dated Jan. 29, 2013.
Non-Final Office Action on U.S. Appl. No. 13/662,759, dated Nov. 6, 2014.
Non-Final Office Action on U.S. Appl. No. 13/692,741, dated Sep. 4, 2014.
Non-Final Office Action on U.S. Appl. No. 13/692,741, dated Jul. 1, 2015.
Non-Final Office Action on U.S. Appl. No. 13/705,286, dated May 13, 2013.
Non-Final Office Action on U.S. Appl. No. 13/705,340, dated Mar. 12, 2014.
Non-Final Office Action on U.S. Appl. No. 13/705,340, dated Mar. 29, 2013.
Non-Final Office Action on U.S. Appl. No. 13/705,414, dated Apr. 9, 2013.
Non-Final Office Action on U.S. Appl. No. 13/728,308, dated May 14, 2015.
Non-Final Office Action on U.S. Appl. No. 13/728,428, dated Jun. 12, 2015.
Non-Final Office Action on U.S. Appl. No. 14/052,723, dated May 1, 2015.
Non-Final Office Action on U.S. Appl. No. 14/106,697, dated Aug. 17, 2015.
Non-Final Office Action on U.S. Appl. No. 14/106,698, dated Feb. 12, 2015.
Non-Final Office Action on U.S. Appl. No. 14/334,931, dated Jan. 5, 2015.
Non-Final Office Action on U.S. Appl. No. 14/725,543 dated Apr. 7, 2016.
Non-Final Office Action on U.S. Appl. No. 14/753,948 dated Nov. 4, 2016.
Non-Final Office Action on U.S. Appl. No. 13/705,428, dated Jul. 10, 2013.
Non-Final Office Action on U.S. Appl. No. 14/334,931 dated Dec. 11, 2015.
Notice of Allowance on U.S. Appl. No. 14/334,931 dated May 20, 2016.
Notice of Allowance on U.S. Appl. No. 13/453,086, dated Jul. 18, 2013.
Notice of Allowance on U.S. Appl. No. 13/475,713, dated Feb. 5, 2015.
Notice of Allowance on U.S. Appl. No. 13/475,722, dated Feb. 27, 2015.
Notice of Allowance on U.S. Appl. No. 13/527,498, dated Feb. 23, 2015.
Notice of Allowance on U.S. Appl. No. 13/527,505, dated Mar. 6, 2015.
Notice of Allowance on U.S. Appl. No. 13/624,725, dated Mar. 30, 2016.
Notice of Allowance on U.S. Appl. No. 13/624,731, dated Mar. 5, 2015.
Notice of Allowance on U.S. Appl. No. 13/705,340, dated Dec. 3, 2014.
Notice of Allowance on U.S. Appl. No. 13/705,386, dated Jan. 24, 2014.
Notice of Allowance on U.S. Appl. No. 13/705,414, dated Nov. 4, 2013.
Notice of Allowance on U.S. Appl. No. 13/728,428 dated Jul. 18, 2016.
Notice of Allowance on U.S. Appl. No. 14/106,697 dated Oct. 24, 2016.
Notice of Allowance on U.S. Appl. No. 14/725,543 dated Jul. 21, 2016.
Notice of Allowance on U.S. Appl. No. 13/284,855, dated Jul. 14, 2014.
Notice of Allowance on U.S. Appl. No. 13/662,759 dated May 10, 2016.
Notice of Allowance on U.S. Appl. No. 13/692,741 dated Dec. 4, 2015.
Notice of Allowance on U.S. Appl. No. 14/334,178 dated Jun. 8, 2016.
Notice of Allowance U.S. Appl. No. 13/728,308, dated Oct. 7, 2015.
Office Action on Taiwan Application 100133390, dated Aug. 25, 2015 (English translation not available).
Office Action on Taiwan Application 101139729, dated May 25, 2015 (English translation not available).
Pande et al., “Design of a Switch for Network on Chip Applications,” May 25-28, 2003 Proceedings of the 2003 International Symposium on Circuits and Systems, vol. 5, pp. V217-V220.
Reexamination Report on Japanese Application 2012-536877, dated Jan. 22, 2015 (English Translation not available).
Search Report on EP Application 10827330.1, dated Feb. 12, 2015.
Venaas, “IPv4 Multicast Address Space Registry,” 2013, http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml.
HP ProLiant SL6500 Scalable System, Family data sheet, HP Technical sheet, Sep. 2010 4 pages.
Non-Final Office Action on U.S. Appl. No. 14/809,723 dated Dec. 30, 2016.
Non-Final Office Action on U.S. Appl. No. 15/281,462 dated Feb. 10, 2017.
Notice of Allowance issued on U.S. Appl. No. 14/052,723, dated Feb. 8, 2017.
Final Office Action on U.S. Appl. No. 13/234,054 dated May 31, 2017.
Final Office Action on U.S. Appl. No. 15/281,462 dated Jun. 13, 2017.
Non-Final Office Action on U.S Appl. No. 15/254,111 dated Jun. 20, 2017.
Notice of Allowance on U.S. Appl. No. 14/753,948 dated Jun. 14, 2017.
Final Office Action on U.S. Appl. No. 14/809,723 dated Aug. 25, 2017.
Non-Final Office Action on U.S. Appl. No. 15/078,115 dated Sep. 5, 2017.
Notice of Allowance on U.S. Appl. No. 15/254,111 dated Sep. 1, 2017.
Notice of Allowance on U.S. Appl. No. 15/360,668, dated May 5, 2017.
Non-Final Office Action on U.S. Appl. No. 15/357,332 dated Nov. 9, 2017.
Notice of Allowance on U.S. Appl. No. 13/234,054, dated Sep. 19, 2017.
Related Publications (1)
Number Date Country
20170012899 A1 Jan 2017 US
Provisional Applications (2)
Number Date Country
61489569 May 2011 US
61256723 Oct 2009 US
Continuations (2)
Number Date Country
Parent 14334178 Jul 2014 US
Child 15270418 US
Parent 13475722 May 2012 US
Child 14334178 US
Continuation in Parts (1)
Number Date Country
Parent 12794996 Jun 2010 US
Child 13475722 US