1. Field
The present disclosure relates to communications in computer networks. More particularly, this invention is directed toward a virtualized network interface for Remote Direct Memory Access (RDMA) over Converged Ethernet (RoCE).
2. Description of Related Technology
In computer systems, virtualization is a process by which a virtual version of computing resources, such as hardware and software resources, i.e., a central processor unit, a storage resource, an input/output resource, a network resource, an operating system, and other resources known in the art, is simulated by a computer system, referred to as a host machine. A typical host machine may comprise a hardware platform that, optionally together with a software entity, i.e., an operating system, operates a hypervisor, which is software or firmware that creates and operates virtual machines, also referred to as guest machines. Through hardware virtualization, the hypervisor provides each virtual machine with a virtual hardware operating platform. By interfacing with the virtual hardware operating platform, the virtual machines access the computing resources of the host machine to execute the virtual machines' respective operations. As a result, a single host machine can support multiple virtual machines, each operating an operating system and/or other software entity, i.e., an application, simultaneously through virtualization.
In a typical host machine, the virtual hardware operating platform should be presented to the virtual machines in a manner that assures that the virtual nature of the hardware platform is not discernible to the virtual machines. Consequently, the host machine should avoid conflicts between virtual machines in accessing the computing resources. To accomplish these goals, the host machine may implement a translation scheme between the virtual machines' software and the host machine's resources. With regard to accessing network resources, for example, the host machine may support virtual network interfaces that are presented to respective virtual machines. The virtual network interface, referred to as a Virtual Network Interface Card (VNIC), appears to the virtual machine as a physical Network Interface Card (NIC). However, the host machine translates between the VNIC and the NIC. As a result, the host machine can manage the network resources for multiple virtual machines.
RDMA allows one (local) machine to place information directly into the memory of another (remote) machine, without involving the processor, cache, or operating system of either machine. RDMA thus allows user space applications to directly access hardware and enables zero-copy data movement. The RDMA address translation and an optional corruption protection are implemented in a NIC. Part of implementing RDMA via different standards, e.g., the Internet Wide Area RDMA Protocol (iWARP) or RDMA over Converged Ethernet (RoCE), in a virtualized environment is to ensure that data transfer from one entity, e.g., an application, cannot corrupt another entity, e.g., another application. Additionally, the virtual address space of each application may be different; consequently, an address translation between the virtual address space of the applications and the physical address space is needed, which is also a potential cause of corruption.
A System Memory Management Unit (SMMU), an entity in communication with the virtual address space and the physical memory space, handles the address translation and corruption protection. A structure within the SMMU defines a mapping of a stream identifier and virtual address to allowed address regions of the physical memory. The term stream indicates a flow of information between an entity receiving the information, e.g., the NIC or VNIC, and the physical memory.
In some implementations, the stream identifier comprises a data field, e.g., a remote key (R_Key) provided in an RDMA packet, e.g., a RoCE packet. However, such an implementation is undesirable due to, e.g., potential forgery attacks; furthermore, random creation of the R_Key may result in a stream identifier that is valid but does not belong to the VNIC selected to process the RoCE packet, as well as other disadvantages known to a person of ordinary skill in the art. Consequently, an improved implementation utilizes the R_Key together with another entity, e.g., a partition key (P_Key), also provided in the RoCE packet, as entries to a look-up table, the contents of which yield the stream identifier. The look-up table thus provides a means of ascertaining the regions of the physical memory permitted for RoCE RDMA, thereby preventing data corruption. The latter implementation is disadvantageous at least for the reason that a specific hardware structure implementing the look-up table must be built into a network interface, i.e., the NIC, resulting in increased area and increased power required for the NIC.
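The look-up scheme described above can be modeled in software as follows. This is an added illustration, not part of the disclosure: the table layout, function names, key values and addresses are all constructed assumptions, and a real NIC and SMMU implement these steps in hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed model: every name, key value and address here is an assumption. */
#define NO_STREAM 0u
struct key_entry { uint16_t p_key; uint32_t r_key; uint32_t stream_id; };
struct region { uint32_t stream_id; uint64_t va_base, len, pa_base; };

/* NIC look-up table: (P_Key, R_Key) pair -> stream identifier. */
static const struct key_entry key_table[] = {
    { 0x8001, 0x1111aaaa, 1 },   /* stream of VNIC A */
    { 0x8002, 0x2222bbbb, 2 },   /* stream of VNIC B */
};
/* SMMU structure: stream identifier + virtual address -> allowed region. */
static const struct region smmu_table[] = {
    { 1, 0x10000, 0x4000, 0x80000000 },
    { 2, 0x10000, 0x2000, 0x90000000 },
};

uint32_t stream_from_keys(uint16_t p_key, uint32_t r_key) {
    for (size_t i = 0; i < sizeof key_table / sizeof key_table[0]; i++)
        if (key_table[i].p_key == p_key && key_table[i].r_key == r_key)
            return key_table[i].stream_id;
    return NO_STREAM;            /* no entry for this pair: reject */
}

/* Returns 0 and sets *pa only if all of [va, va+len) lies in an allowed region. */
int smmu_translate(uint32_t stream_id, uint64_t va, uint64_t len, uint64_t *pa) {
    for (size_t i = 0; i < sizeof smmu_table / sizeof smmu_table[0]; i++) {
        const struct region *r = &smmu_table[i];
        if (r->stream_id != stream_id || va < r->va_base) continue;
        uint64_t off = va - r->va_base;
        /* Overflow-safe bound check: compare len with the space left. */
        if (len == 0 || off >= r->len || len > r->len - off) continue;
        *pa = r->pa_base + off;
        return 0;
    }
    return -1;
}

/* Full check for one RoCE RDMA access: key look-up, then SMMU translation. */
int rdma_access_check(uint16_t p_key, uint32_t r_key,
                      uint64_t va, uint64_t len, uint64_t *pa) {
    uint32_t sid = stream_from_keys(p_key, r_key);
    return sid == NO_STREAM ? -1 : smmu_translate(sid, va, len, pa);
}

int main(void) {
    uint64_t pa = 0;
    int rc = rdma_access_check(0x8001, 0x1111aaaa, 0x10100, 0x100, &pa);
    printf("rc=%d pa=0x%llx\n", rc, (unsigned long long)pa);
    return 0;
}
```

An R_Key that is valid for one VNIC but arrives with another VNIC's P_Key finds no table entry, so it never reaches the SMMU stage.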
The size of the hardware structure implementing the look-up table is especially significant if the NIC, while designed to process both Transmission Control Protocol (TCP) and RoCE style packets, is being used to process only TCP style packets, because the memory used for the look-up table implementing the R_Key and P_Key translation to a stream identifier for the RoCE style packets would not be used, thus consuming area and power for no benefit.
Accordingly, there is a need in the art for an implementation of a virtual network interface for Remote Direct Memory Access over Converged Ethernet providing a solution to the above identified problems, as well as additional advantages.