Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing – Least weight routing
Reexamination Certificate
2000-01-31
2003-01-21
Dam, Tuan Q. (Department: 2122)
Electrical computers and digital processing systems: multicomput
Computer-to-computer data routing
Least weight routing
C709S241000, C712S228000, C717S131000, C717S154000
Reexamination Certificate
active
06510448
ABSTRACT:
BACKGROUND
1. Field of the Invention
The present invention relates generally to the control of process and threads, and more particularly, to the implementation of a virtual machine in a network environment for the efficient control of input/output processes and threads.
2. Discussion of the Related Art
Firewalls are an essential ingredient in a corporate entity's network security plan. Firewalls represent a security enforcement point that separates a trusted network from an untrusted network.
FIG. 1
illustrates a generic example of a network security plan that incorporates a firewall system. In this generic example, firewall system
120
is operative to screen all connections between private network
110
and untrusted system
140
. These connections are facilitated by Internet network
130
. In the screening process, firewall system
120
determines which traffic should be allowed and which traffic should be disallowed based on a predetermined security policy.
One type of firewall system is an application-level gateway or proxy server, which acts as a relay of application-level traffic. Proxy servers tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the transmission control protocol (TCP) and Internet protocol (IP) level, the proxy server need only scrutinize a few allowable applications (e.g., Telnet, file transfer protocol (FTP), simple mail transfer protocol (SMTP), hypertext transfer protocol (HTTP), etc.). Generally, if the proxy server does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall.
As compared to packet screening, proxies can be flexibly applied to generate a customized network security policy. The performance of process and thread-based proxies, however, is well below that of packet screening. One of the primary sources of inefficiency is the proxy's inherent operation within a networking environment. As the very essence of a proxy is network input/output (I/O), frequent blocking of a process or thread can occur. For example, if a network read operation is performed and no data is available, the read operation will block. Similarly, if a network write operation is performed and the buffer is full, the write operation will block.
When a process or thread blocks, the proxy server can switch to a different process or thread. This switch is referred to as a context switch. As can be appreciated, frequent blocking of network read/write operations can result in frequent context switches. A high frequency of context switches will ultimately reduce the number of transactions per second that the proxy server can handle. Accordingly, what is needed is a mechanism for increasing the efficiency of a proxy server.
SUMMARY OF THE INVENTION
The present invention addresses the aforementioned needs by providing a software virtual machine mechanism that increases the efficiency of context switching. In an application to the networking environment, the software virtual machine is operative to increase the efficiency of handling input/output (I/O) operations through the improved control of switching between contexts. In accordance with the present invention, the overhead expense of switching between contexts is reduced through the software virtual machine support of restartable instructions. With restartable instructions, the resumption of a previously blocked context will continue at the instruction that had previously blocked.
REFERENCES:
patent: 5367680 (1994-11-01), Flurry et al.
patent: 5388219 (1995-02-01), Chan et al.
patent: 5941988 (1999-08-01), Bhagwat et al.
patent: 6141755 (2000-01-01), Dowd et al.
patent: 6374286 (2002-04-01), Gee et al.
Dam Tuan Q.
Hamaty Christopher J.
Kendall Chuck
Networks Associates Technology Inc.
Silicon Valley IP Group, LLC
LandOfFree
System, method and computer program product for increasing... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System, method and computer program product for increasing..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System, method and computer program product for increasing... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3009223