(11)EP 3 408 969 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
10.06.2020 Bulletin 2020/24

(21)Application number: 17704894.9

(22)Date of filing:  27.01.2017
(51)International Patent Classification (IPC): 
H04L 12/24(2006.01)
G06F 9/455(2018.01)
H04L 12/753(2013.01)
H04L 29/12(2006.01)
H04L 12/931(2013.01)
G06F 13/40(2006.01)
H04L 12/713(2013.01)
(86)International application number:
PCT/US2017/015442
(87)International publication number:
WO 2017/132570 (03.08.2017 Gazette  2017/31)

(54)

SYSTEM AND METHOD FOR CORRELATING FABRIC-LEVEL GROUP MEMBERSHIP WITH SUBNET-LEVEL PARTITION MEMBERSHIP IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT

SYSTEM UND VERFAHREN ZUR KORRELIERUNG DER GRUPPENZUGEHÖRIGKEIT AUF KOPPELNETZEBENE MIT DER TEILUNGSZUGEHÖRIGKEIT AUF SUBNETZEBENE IN EINER HOCHLEISTUNGSRECHNERUMGEBUNG

SYSTÈME ET PROCÉDÉ DE CORRÉLATION D'APPARTENANCE AU GROUPE NIVEAU DE MATRICE AVEC UNE APPARTENANCE DE PARTITION AU NIVEAU SOUS-RÉSEAU DANS UN ENVIRONNEMENT DE CALCUL À HAUT RENDEMENT


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 27.01.2016 US 201662287712 P
25.01.2017 US 201715415620
25.01.2017 US 201715415644

(43)Date of publication of application:
05.12.2018 Bulletin 2018/49

(73)Proprietor: Oracle International Corporation
Redwood Shores, California 94065 (US)

(72)Inventors:
  • JOHNSEN, Bjørn Dag
    0687 Oslo (NO)
  • HØEG, Harald
    1326 Lysaker (NO)
  • HOLEN, Line
    1900 Fetsund (NO)

(74)Representative: D Young & Co LLP 
120 Holborn
London EC1N 2DY (GB)


(56)References cited:
US-B1- 6 718 392
  
  • "An Oracle Technical White Paper Delivering Application Performance with Oracle's InfiniBand Technology A Standards-Based Interconnect for Application Scalability and Network Consolidation", ORACLE WHITE PAPER, 1 May 2012 (2012-05-01), pages 1-42, XP55150526,
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

Field of Invention



[0001] The present invention is generally related to computer systems, and is particularly related to supporting correlation between subnet-level and fabric-level management schemes.

Background



[0002] As larger cloud computing architectures are introduced, the performance and administrative bottlenecks associated with the traditional network and storage have become a significant problem. There has been an increased interest in using high performance lossless interconnects such as InfiniBand™ (IB) technology as the foundation for a cloud computing fabric. This is the general area that embodiments of the invention are intended to address.

[0003] US 6718392 discloses a distributed computer system having a first subnet including a first group of endnodes and a second subnet including a second group of endnodes. Each endnode in the first and second groups of endnodes includes at least one process which produces and/or consumes message data, and queue pairs. Each queue pair includes a send work queue having work queue elements that describe message data for sending, and a receive work queue having work queue elements that describe where to place incoming message data. A communication fabric is physically coupled to the first group of endnodes and the second group of endnodes. A partitioning mechanism associates a first partition key representing endnodes in a first partition to a first group of queue pairs and a second partition key representing endnodes in a second partition to a second group of queue pairs for enabling communication between endnodes over the communication fabric.

[0004] An Oracle Technical White Paper; Delivering Application Performance with Oracle's InfiniBand Technology; A Standards-Based Interconnect for Application Scalability and Network Consolidation (May 2012; XP55150526) discloses an introduction to InfiniBand technology, with a focus on its ability to scale application performance and consolidate network infrastructure.

Summary



[0005] Described herein are systems and methods for correlating fabric-level group membership with subnet-level partition membership in a high performance computing environment. An exemplary embodiment can provide an admin partition in a subnet of a network environment, associated with a resource domain at the fabric level of the network environment. The admin partition can be defined by a P_Key that is stored in a fabric-level database. Each fabric resource is identified by an identifier that is stored in the fabric-level database. When fabric resources are added as members to the resource domain, a relationship is created between the P_Key and the identifier of the fabric resource, where the relationship defines the resource as a member of the admin partition. Access rights can be granted based on the relationship.

Brief Description of the Figures



[0006] 

Figure 1 shows an illustration of an InfiniBand™ environment, in accordance with an embodiment.

Figure 2 shows an illustration of a partitioned cluster environment, in accordance with an embodiment.

Figure 3 shows an illustration of a tree topology in a network environment, in accordance with an embodiment.

Figure 4 shows an exemplary shared port architecture, in accordance with an embodiment.

Figure 5 shows an exemplary vSwitch architecture, in accordance with an embodiment.

Figure 6 shows an exemplary vPort architecture, in accordance with an embodiment.

Figure 7 shows an exemplary vSwitch architecture with prepopulated LIDs, in accordance with an embodiment.

Figure 8 shows an exemplary vSwitch architecture with dynamic LID assignment, in accordance with an embodiment.

Figure 9 shows an exemplary vSwitch architecture with vSwitch with dynamic LID assignment and prepopulated LIDs, in accordance with an embodiment.

Figure 10 shows an exemplary multi-subnet InfiniBand™ fabric, in accordance with an embodiment.

Figure 11 shows the hierarchical structure of resource domains, in accordance with an embodiment.

Figure 12 shows an exemplary network fabric having both admin partitions and data partitions, in accordance with an embodiment.

Figure 13 shows an exemplary data store for storing Admin Partition Association Information, in accordance with an embodiment.

Figure 14 is an exemplary flow chart depicting an end-port dynamically requesting and receiving membership in a data partition, in accordance with an embodiment.

Figure 15A and Figure 15B is a flowchart for dynamically assigning membership in a partition, in accordance with an embodiment.

Figure 16 shows an exemplary network fabric having HCAs and vHCAs as members of admin partitions, in accordance with an embodiment.

Figure 17 shows an exemplary network fabric having both resource domains and admin partitions, in accordance with an embodiment.

Figure 18 is a flowchart for correlating resource domain membership with an admin partition membership, in accordance with an embodiment.

Figure 19 is a detailed flowchart for a method of correlating resource group membership with admin partition membership using a fabric-level database, in accordance with an embodiment.

Figure 20 shows host channel adapters as members of an admin partition based on switch connectivity, in accordance with an embodiment.

Figure 21 is a flow chart for assigning admin partition membership to host channel adapters based on switch connectivity, in accordance with an embodiment.

Figure 22 is a detailed flow chart for assigning admin partition membership to host channel adapters based on switch connectivity, in accordance with an embodiment.


Detailed Description



[0007] The invention is illustrated, by way of example and not by way of limitation, in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to "an" or "one" or "some" embodiment(s) in this disclosure are not necessarily to the same embodiment, and such references mean at least one. While specific implementations are discussed, it is understood that the specific implementations are provided for illustrative purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without departing from the scope of the invention.

[0008] Common reference numerals can be used to indicate like elements throughout the drawings and detailed description; therefore, reference numerals used in a figure may or may not be referenced in the detailed description specific to such figure if the element is described elsewhere.

[0009] Described herein are systems and methods for correlating fabric-level group membership with subnet-level partition membership in a high performance computing environment.

[0010] The following description of the invention uses an InfiniBand™ (IB) network as an example for a high performance network. Throughout the following description, reference can be made to the InfiniBand™ specification (also referred to variously as the InfiniBand specification, IB specification, or the legacy IB specification). Such reference is understood to refer to the InfiniBand® Trade Association Architecture Specification, Volume 1, Version 1.3, released March, 2015, available at http://www.inifinibandta.org. It will be apparent to those skilled in the art that other types of high performance networks can be used without limitation. The following description also uses the fat-tree topology as an example for a fabric topology. It will be apparent to those skilled in the art that other types of fabric topologies can be used without limitation.

InfiniBand™



[0011] InfiniBand™ (IB) is an open standard lossless network technology developed by the InfiniBand™ Trade Association. The technology is based on a serial point-to-point full-duplex interconnect that offers high throughput and low latency communication, geared particularly towards high-performance computing (HPC) applications and datacenters.

[0012] The InfiniBand™ Architecture (IBA) supports a two-layer topological division. At the lower layer, IB networks are referred to as subnets, where a subnet can include a set of hosts interconnected using switches and point-to-point links. At the higher level, an IB fabric constitutes one or more subnets, which can be interconnected using routers.

[0013] Within a subnet, hosts can be connected using switches and point-to-point links. Additionally, there can be a master management entity, the subnet manager (SM), which resides on a designated device in the subnet. The subnet manager is responsible for configuring, activating and maintaining the IB subnet. Additionally, the subnet manager (SM) can be responsible for performing routing table calculations in an IB fabric. Here, for example, the routing of the IB network aims at proper load balancing between all source and destination pairs in the local subnet.

[0014] Through the subnet management interface, the subnet manager exchanges control packets, which are referred to as subnet management packets (SMPs), with subnet management agents (SMAs). The subnet management agents reside on every IB subnet device. By using SMPs, the subnet manager is able to discover the fabric, configure end-nodes and switches, and receive notifications from SMAs.

[0015] In accordance with an embodiment, intra-subnet routing in an IB network can be based on linear forwarding tables (LFTs) stored in the switches. The LFTs are calculated by the SM according to the routing mechanism in use. In a subnet, Host Channel Adapter (HCA) ports on the end-nodes and switches are addressed using local identifiers (LIDs). Each entry in an LFT consists of a destination LID (DLID) and an output port. Only one entry per LID in the table is supported. When a packet arrives at a switch, its output port is determined by looking up the DLID in the forwarding table of the switch. The routing is deterministic as packets take the same path in the network between a given source-destination pair (LID pair).

[0016] Generally, all other subnet managers, excepting the master subnet manager, act in standby mode for fault-tolerance. In a situation where a master subnet manager fails, however, a new master subnet manager is negotiated by the standby subnet managers. The master subnet manager also performs periodic sweeps of the subnet to detect any topology changes and reconfigures the network accordingly.

[0017] Furthermore, hosts and switches within a subnet can be addressed using local identifiers (LIDs), and a single subnet can be limited to 49151 unicast LIDs. Besides the LIDs, which are the local addresses that are valid within a subnet, each IB device can have a 64-bit global unique identifier (GUID). A GUID can be used to form a global identifier (GID), which is an IB layer three (L3) address.

[0018] The SM can calculate routing tables (i.e., the connections/routes between each pair of nodes within the subnet) at network initialization time. Furthermore, the routing tables can be updated whenever the topology changes, in order to ensure connectivity and optimal performance. During normal operations, the SM can perform periodic light sweeps of the network to check for topology changes. If a change is discovered during a light sweep or if a message (trap) signaling a network change is received by the SM, the SM can reconfigure the network according to the discovered changes.

[0019] For example, the SM can reconfigure the network when the network topology changes, such as when a link goes down, when a device is added, or when a link is removed. The reconfiguration steps can include the steps performed during the network initialization. Furthermore, the reconfigurations can have a local scope that is limited to the subnets in which the network changes occurred. Also, the segmenting of a large fabric with routers may limit the reconfiguration scope.

[0020] An example InfiniBand™ fabric is shown in Figure 1, which shows an illustration of an InfiniBand™ environment 100, in accordance with an embodiment. In the example shown in Figure 1, nodes A-E, 101-105, use the InfiniBand™ fabric 120 to communicate, via the respective host channel adapters 111-115. In accordance with an embodiment, the various nodes, e.g., nodes A-E 101-105, can be represented by various physical devices. In accordance with an embodiment, the various nodes, e.g., nodes A-E 101-105, can be represented by various virtual devices, such as virtual machines.

Data Partitions in InfiniBand™



[0021] In accordance with an embodiment, IB networks can support partitioning as a security mechanism to provide for isolation of logical groups of systems sharing a network fabric. Each HCA port on a node in the fabric can be a member of one or more partitions. In accordance with an embodiment, the present disclosure provides for two types of partitions that can be defined within an IB subnet - data partitions (discussed in detail in the following paragraphs) and admin partitions (discussed in detail later in the disclosure).

[0022] Data partition memberships are managed by a centralized partition manager, which can be part of the SM. The SM can configure data partition membership information on each port as a table of 16-bit partition keys (P_Keys). The SM can also configure switch and router ports with the data partition enforcement tables containing P_Key information associated with the end-nodes that send or receive data traffic through these ports. Additionally, in a general case, data partition membership of a switch port can represent a union of all membership indirectly associated with LIDs routed via the port in an egress (towards the link) direction.

[0023] In accordance with an embodiment, data partitions are logical groups of ports such that the members of a group can only communicate to other members of the same logical group. At host channel adapters (HCAs) and switches, packets can be filtered using the data partition membership information to enforce isolation. Packets with invalid partitioning information can be dropped as soon as the packets reach an incoming port. In partitioned IB systems, data partitions can be used to create tenant clusters. With data partition enforcement in place, a node cannot communicate with other nodes that belong to a different tenant cluster. In this way, the security of the system can be guaranteed even in the presence of compromised or malicious tenant nodes.

[0024] In accordance with an embodiment, for the communication between nodes, Queue Pairs (QPs) and End-to-End contexts (EECs) can be assigned to a particular data partition, except for the management Queue Pairs (QP0 and QP1). The P_Key information can then be added to every IB transport packet sent. When a packet arrives at an HCA port or a switch, its P_Key value can be validated against a table configured by the SM. If an invalid P_Key value is found, the packet is discarded immediately. In this way, communication is allowed only between ports sharing a data partition.

[0025] An example of IB data partitions is shown in Figure 2, which shows an illustration of a data partitioned cluster environment, in accordance with an embodiment. In the example shown in Figure 2, nodes A-E, 101-105, use the InfiniBand™ fabric, 120, to communicate, via the respective host channel adapters 111-115. The nodes A-E are arranged into data partitions, namely data partition 1, 130, data partition 2, 140, and data partition 3, 150. Data partition 1 comprises node A 101 and node D 104. Data partition 2 comprises node A 101, node B 102, and node C 103. Data partition 3 comprises node C 103 and node E 105. Because of the arrangement of the data partitions, node D 104 and node E 105 are not allowed to communicate as these nodes do not share a data partition. Meanwhile, for example, node A 101 and node C 103 are allowed to communicate as these nodes are both members of data partition 2, 140.
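The forwarding lookup of paragraph [0015] and the P_Key checks of paragraphs [0022] to [0025] can be modelled together for the Figure 2 memberships. The following is an added example, not part of the patent: the P_Key values, LIDs, the two-switch topology and all function names are constructed for illustration, and the model assumes a check on both the ingress and the egress switch port.

```python
"""Added illustration: LFT forwarding plus P_Key enforcement (Figure 2 layout)."""
from typing import NamedTuple

# Constructed values: the patent names partitions and nodes but gives no numbers.
P1, P2, P3 = 0x0001, 0x0002, 0x0003            # data partitions 1, 2 and 3
LIDS = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}
NODE_OF_LID = {lid: node for node, lid in LIDS.items()}

# Per-HCA-port P_Key tables, as the SM would configure them for Figure 2.
HCA_PKEYS = {"A": {P1, P2}, "B": {P2}, "C": {P2, P3}, "D": {P1}, "E": {P3}}

# Hypothetical topology: A and B on sw1, C, D and E on sw2, one inter-switch link.
ATTACH = {"A": ("sw1", 1), "B": ("sw1", 2),
          "C": ("sw2", 1), "D": ("sw2", 2), "E": ("sw2", 3)}
LINK = {("sw1", 3): ("sw2", 4), ("sw2", 4): ("sw1", 3)}

# Linear forwarding tables: destination LID -> output port, one entry per LID.
LFTS = {
    "sw1": {1: 1, 2: 2, 3: 3, 4: 3, 5: 3},
    "sw2": {3: 1, 4: 2, 5: 3, 1: 4, 2: 4},
}


def shared_partitions(a: str, b: str) -> set:
    """P_Keys two end-nodes have in common; empty means they are isolated."""
    return HCA_PKEYS[a] & HCA_PKEYS[b]


def enforcement_tables() -> dict:
    """Switch-port tables: union of the P_Keys of every LID routed out of the port."""
    tables = {}
    for sw, lft in LFTS.items():
        for dlid, port in lft.items():
            tables.setdefault((sw, port), set()).update(HCA_PKEYS[NODE_OF_LID[dlid]])
    return tables


class Verdict(NamedTuple):
    delivered: bool
    where: str      # where the packet was accepted or dropped


def send(src: str, dlid: int, pkey: int) -> Verdict:
    """Forward one packet hop by hop, validating its P_Key at every port."""
    tables = enforcement_tables()
    sw, in_port = ATTACH[src]
    for _ in range(len(LFTS) + 1):               # hop limit guards against loops
        if pkey not in tables[(sw, in_port)]:
            return Verdict(False, f"{sw} port {in_port} ingress")
        out_port = LFTS[sw].get(dlid)            # deterministic DLID lookup
        if out_port is None:
            return Verdict(False, f"{sw} has no LFT entry")
        if pkey not in tables[(sw, out_port)]:
            return Verdict(False, f"{sw} port {out_port} egress")
        if (sw, out_port) in LINK:               # inter-switch link: next hop
            sw, in_port = LINK[(sw, out_port)]
            continue
        dst = NODE_OF_LID[dlid]                  # edge port: final HCA check
        if pkey not in HCA_PKEYS[dst]:
            return Verdict(False, f"HCA {dst}")
        return Verdict(True, f"HCA {dst}")
    return Verdict(False, "hop limit")


if __name__ == "__main__":
    for src, dst, key in [("A", "C", P2), ("A", "C", P1),
                          ("D", "E", P1), ("D", "E", P3)]:
        print(src, "->", dst, hex(key), send(src, LIDS[dst], key))
```

The inter-switch port on sw1 carries the union of three nodes' P_Keys, so a packet from node A to node C stamped with partition 1 passes it and is only dropped at the edge port facing node C; node D cannot reach node E with either key.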

Virtual Machines in InfiniBand™



[0026] During the last decade, the prospect of virtualized High Performance Computing (HPC) environments has improved considerably as CPU overhead has been practically removed through hardware virtualization support; memory overhead has been significantly reduced by virtualizing the Memory Management Unit; storage overhead has been reduced by the use of fast SAN storages or distributed networked file systems; and network I/O overhead has been reduced by the use of device passthrough techniques like Single Root Input/Output Virtualization (SR-IOV). It is now possible for clouds to accommodate virtual HPC (vHPC) clusters using high performance interconnect solutions and deliver the necessary performance.

[0027] However, when coupled with lossless networks, such as InfiniBand™ (IB), certain cloud functionality, such as live migration of virtual machines (VMs), still remains an issue due to the complicated addressing and routing schemes used in these solutions. IB is an interconnection network technology offering high bandwidth and low latency, and is thus very well suited for HPC and other communication intensive workloads.

[0028] The traditional approach for connecting IB devices to VMs is by utilizing SR-IOV with direct assignment. However, achieving live migration of VMs assigned with IB Host Channel Adapters (HCAs) using SR-IOV has proved to be challenging. Each IB connected node has three different addresses: LID, GUID, and GID. When a live migration happens, one or more of these addresses change. Other nodes communicating with the VM-in-migration can lose connectivity. When this happens, renewal of the lost connection can be attempted by sending Subnet Administration (SA) path record queries to the IB Subnet Manager (SM) in order to locate the virtual machine's new address to reconnect to.

[0029] IB uses three different types of addresses. A first type of address is the 16-bit Local Identifier (LID). At least one unique LID is assigned to each HCA port and each switch by the SM. The LIDs are used to route traffic within a subnet. Since the LID is 16 bits long, 65536 unique address combinations can be made, of which only 49151 (0x0001-0xBFFF) can be used as unicast addresses. Consequently, the number of available unicast addresses defines the maximum size of an IB subnet. A second type of address is the 64-bit Global Unique Identifier (GUID) assigned by the manufacturer to each device (e.g. HCAs and switches) and each HCA port. The SM may assign additional subnet unique GUIDs to an HCA port, which is useful when SR-IOV is used. A third type of address is the 128-bit Global Identifier (GID). The GID is a valid IPv6 unicast address, and at least one is assigned to each HCA port. The GID is formed by combining a globally unique 64-bit prefix assigned by the fabric administrator, and the GUID address of each HCA port.

Fat-Tree (FTree) Topologies and Routing



[0030] In accordance with an embodiment, some of the IB based HPC systems employ a fat-tree topology to take advantage of the useful properties fat-trees offer. These properties include full bisection-bandwidth and inherent fault-tolerance due to the availability of multiple paths between each source destination pair. The initial idea behind fat-trees was to employ fatter links between nodes, with more available bandwidth, as the tree moves towards the roots of the topology. The fatter links can help to avoid congestion in the upper-level switches and the bisection-bandwidth is maintained.

[0031] Figure 3 shows an illustration of a tree topology in a network environment, in accordance with an embodiment. As shown in Figure 3, one or more end-nodes 201-204 can be connected in a network fabric 200. The network fabric 200 can be based on a fat-tree topology, which includes a plurality of leaf switches 211-214, and multiple spine switches or root switches 231-234. Additionally, the network fabric 200 can include one or more intermediate switches, such as switches 221-224.

[0032] Also as shown in Figure 3, each of the end-nodes 201-204 can be a multi-homed node, i.e., a single node that is connected to two or more parts of the network fabric 200 through multiple ports. For example, the node 201 can include the ports H1 and H2, the node 202 can include the ports H3 and H4, the node 203 can include the ports H5 and H6, and the node 204 can include the ports H7 and H8.

[0033] Additionally, each switch can have multiple switch ports. For example, the root switch 231 can have the switch ports 1-2, the root switch 232 can have the switch ports 3-4, the root switch 233 can have the switch ports 5-6, and the root switch 234 can have the switch ports 7-8.

[0034] In accordance with an embodiment, the fat-tree routing mechanism is one of the most popular routing algorithms for IB based fat-tree topologies. The fat-tree routing mechanism is also implemented in the OFED (Open Fabric Enterprise Distribution - a standard software stack for building and deploying IB based applications) subnet manager, OpenSM.

[0035] The fat-tree routing mechanism aims to generate LFTs that evenly spread shortest-path routes across the links in the network fabric. The mechanism traverses the fabric in the indexing order and assigns target LIDs of the end-nodes, and thus the corresponding routes, to each switch port. For the end-nodes connected to the same leaf switch, the indexing order can depend on the switch port to which the end-node is connected (i.e., port numbering sequence). For each port, the mechanism can maintain a port usage counter, and can use this port usage counter to select a least-used port each time a new route is added.

[0036] In accordance with an embodiment, in a partitioned subnet, nodes that are not members of a common data partition are not allowed to communicate. Practically, this means that some of the routes assigned by the fat-tree routing algorithm are not used for the user traffic. The problem arises when the fat tree routing mechanism generates LFTs for those routes the same way it does for the other functional paths. This behavior can result in degraded balancing on the links, as nodes are routed in the order of indexing. As routing can be performed oblivious to the data partitions, fat-tree routed subnets, in general, provide poor isolation among data partitions.
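The effect described in paragraphs [0035] and [0036] can be reproduced with a simplified model of a single leaf switch. The following is an added example, not part of the patent and not the OpenSM implementation: it models only the port usage counter for the up-ports of one leaf switch, and the LIDs, P_Keys and function names are constructed for illustration.

```python
"""Added illustration: partition-oblivious least-used-port route assignment."""


def assign_routes(dest_lids, up_ports):
    """Walk destinations in indexing order and give each one the least-used
    up-port (ties broken by lowest port number). Returns {dlid: port}."""
    usage = {port: 0 for port in up_ports}       # per-port usage counters
    lft = {}
    for dlid in dest_lids:
        port = min(up_ports, key=lambda p: (usage[p], p))
        lft[dlid] = port
        usage[port] += 1
    return lft


def live_destinations(local_pkeys, remote_pkeys):
    """Remote LIDs that share at least one P_Key with a node on this leaf;
    only these routes can ever carry user traffic from the leaf."""
    local = set().union(*local_pkeys.values())
    return {lid for lid, keys in remote_pkeys.items() if keys & local}


def port_load(lft, up_ports, only=None):
    """Routes per up-port, optionally counting only the LIDs in `only`."""
    load = {port: 0 for port in up_ports}
    for dlid, port in lft.items():
        if only is None or dlid in only:
            load[port] += 1
    return load


# Constructed sample: two tenants, interleaved in the indexing order.
TENANT_A, TENANT_B = 0x0001, 0x0002
LOCAL = {1: {TENANT_A}, 2: {TENANT_A}}           # nodes on this leaf switch
REMOTE = {11: {TENANT_A}, 12: {TENANT_B}, 13: {TENANT_A},
          14: {TENANT_B}, 15: {TENANT_A}, 16: {TENANT_B}}
UP_PORTS = [1, 2]

LFT = assign_routes(sorted(REMOTE), UP_PORTS)
ASSIGNED = port_load(LFT, UP_PORTS)              # what the counters report
USED = port_load(LFT, UP_PORTS, live_destinations(LOCAL, REMOTE))

if __name__ == "__main__":
    print("routes assigned per up-port:", ASSIGNED)
    print("routes usable by local tenant:", USED)
```

The counters report three routes on each up-port, yet every route the local tenant can actually use lands on port 1, which is the degraded balancing the paragraph describes.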

[0037] In accordance with an embodiment, a Fat-Tree is a hierarchical network topology that can scale with the available network resources. Moreover, Fat-Trees are easy to build using commodity switches placed on different levels of the hierarchy. Different variations of Fat-Trees are commonly available, including k-ary-n-trees, Extended Generalized Fat-Trees (XGFTs), Parallel Ports Generalized Fat-Trees (PGFTs) and Real Life Fat-Trees (RLFTs).

[0038] A k-ary-n-tree is an n level Fat-Tree with $k^n$ end-nodes and $n \cdot k^{n-1}$ switches, each with 2k ports. Each switch has an equal number of up and down connections in the tree. XGFT Fat-Tree extends k-ary-n-trees by allowing both different number of up and down connections for the switches, and different number of connections at each level in the tree. The PGFT definition further broadens the XGFT topologies and permits multiple connections between switches. A large variety of topologies can be defined using XGFTs and PGFTs. However, for practical purposes, RLFT, which is a restricted version of PGFT, is introduced to define Fat-Trees commonly found in today's HPC clusters. An RLFT uses the same port-count switches at all levels in the Fat-Tree.

Input/Output (I/O) Virtualization



[0039] In accordance with an embodiment, I/O Virtualization (IOV) can provide availability of I/O by allowing virtual machines (VMs) to access the underlying physical resources. The combination of storage traffic and inter-server communication imposes an increased load that may overwhelm the I/O resources of a single server, leading to backlogs and idle processors as they are waiting for data. With the increase in number of I/O requests, IOV can provide availability; and can improve performance, scalability and flexibility of the (virtualized) I/O resources to match the level of performance seen in modern CPU virtualization.

[0040] In accordance with an embodiment, IOV is desired as it can allow sharing of I/O resources and provide protected access to the resources from the VMs. IOV decouples a logical device, which is exposed to a VM, from its physical implementation. Currently, there can be different types of IOV technologies, such as emulation, paravirtualization, direct assignment (DA), and single root-I/O virtualization (SR-IOV).

[0041] In accordance with an embodiment, one type of IOV technology is software emulation. Software emulation can allow for a decoupled front-end/back-end software architecture. The front-end can be a device driver placed in the VM, communicating with the back-end implemented by a hypervisor to provide I/O access. The physical device sharing ratio is high and live migrations of VMs are possible with just a few milliseconds of network downtime. However, software emulation introduces additional, undesired computational overhead.

[0042] In accordance with an embodiment, another type of IOV technology is direct device assignment. Direct device assignment involves a coupling of I/O devices to VMs, with no device sharing between VMs. Direct assignment, or device passthrough, provides near to native performance with minimum overhead. The physical device bypasses the hypervisor and is directly attached to the VM. However, a downside of such direct device assignment is limited scalability, as there is no sharing among virtual machines - one physical network card is coupled with one VM.

[0043] In accordance with an embodiment, Single Root IOV (SR-IOV) can allow a physical device to appear through hardware virtualization as multiple independent lightweight instances of the same device. These instances can be assigned to VMs as passthrough devices, and accessed as Virtual Functions (VFs). The hypervisor accesses the device through a unique (per device), fully featured Physical Function (PF). SR-IOV eases the scalability issue of pure direct assignment. However, a problem presented by SR-IOV is that it can impair VM migration. Among these IOV technologies, SR-IOV can extend the PCI Express (PCIe) specification with the means to allow direct access to a single physical device from multiple VMs while maintaining near to native performance. Thus, SR-IOV can provide good performance and scalability.

[0044] SR-IOV allows a PCIe device to expose multiple virtual devices that can be shared between multiple guests by allocating one virtual device to each guest. Each SR-IOV device has at least one physical function (PF) and one or more associated virtual functions (VF). A PF is a normal PCIe function controlled by the virtual machine monitor (VMM), or hypervisor, whereas a VF is a light-weight PCIe function. Each VF has its own base address (BAR) and is assigned with a unique requester ID that enables the I/O memory management unit (IOMMU) to differentiate between the traffic streams to/from different VFs. The IOMMU also applies memory and interrupt translations between the PF and the VFs.

[0045] Unfortunately, however, direct device assignment techniques pose a barrier for cloud providers in situations where transparent live migration of virtual machines is desired for data center optimization. The essence of live migration is that the memory contents of a VM are copied to a remote hypervisor. Then the VM is paused at the source hypervisor, and the VM's operation is resumed at the destination. When using software emulation methods, the network interfaces are virtual so their internal states are stored into the memory and get copied as well. Thus the downtime could be brought down to a few milliseconds.

[0046] However, migration becomes more difficult when direct device assignment techniques, such as SR-IOV, are used. In such situations, a complete internal state of the network interface cannot be copied as it is tied to the hardware. The SR-IOV VFs assigned to a VM are instead detached, the live migration will run, and a new VF will be attached at the destination. In the case of InfiniBand™ and SR-IOV, this process can introduce downtime in the order of seconds. Moreover, in an SR-IOV shared port model the addresses of the VM will change after the migration, causing additional overhead in the SM and a negative impact on the performance of the underlying network fabric.

InfiniBand™ SR-IOV Architecture - Shared Port



[0047] There can be different types of SR-IOV models, e.g. a shared port model, a virtual switch model, and a virtual port model.

[0048] Figure 4 shows an exemplary shared port architecture, in accordance with an embodiment. As depicted in the figure, a host 300 (e.g., a host channel adapter) can interact with a hypervisor 310, which can assign the various virtual functions 330, 340, 350, to a number of virtual machines. As well, the physical function can be handled by the hypervisor 310.

[0049] In accordance with an embodiment, when using a shared port architecture, such as that depicted in Figure 4, the host, e.g., HCA, appears as a single port in the network with a single shared LID and shared Queue Pair (QP) space between the physical function 320 and the virtual functions 330, 340, 350. However, each function (i.e., physical function and virtual functions) can have its own GID.

[0050] As shown in Figure 4, in accordance with an embodiment, different GIDs can be assigned to the virtual functions and the physical function, and the special queue pairs, QP0 and QP1 (i.e., special purpose queue pairs that are used for InfiniBand™ management packets), are owned by the physical function. These QPs are exposed to the VFs as well, but the VFs are not allowed to use QP0 (all SMPs coming from VFs towards QP0 are discarded), and QP1 can act as a proxy of the actual QP1 owned by the PF.

[0051] In accordance with an embodiment, the shared port architecture can allow for highly scalable data centers that are not limited by the number of VMs (which attach to the network by being assigned to the virtual functions), as the LID space is only consumed by physical machines and switches in the network.

[0052] However, a shortcoming of the shared port architecture is the inability to provide transparent live migration, hindering the potential for flexible VM placement. As each LID is associated with a specific hypervisor, and shared among all VMs residing on the hypervisor, a migrating VM (i.e., a virtual machine migrating to a destination hypervisor) has to have its LID changed to the LID of the destination hypervisor. Furthermore, as a consequence of the restricted QP0 access, a subnet manager cannot run inside a VM.

InfiniBand™ SR-IOV Architecture Models - Virtual Switch (vSwitch)



[0053] Figure 5 shows an exemplary vSwitch architecture, in accordance with an embodiment. As depicted in the figure, a host 400 (e.g., a host channel adapter) can interact with a hypervisor 410, which can assign the various virtual functions 430, 440, 450, to a number of virtual machines. As well, the physical function can be handled by the hypervisor 410. A virtual switch 415 can also be handled by the hypervisor 401.

[0054] In accordance with an embodiment, in a vSwitch architecture each virtual function 430, 440, 450 is a complete virtual Host Channel Adapter (vHCA), meaning that the VM assigned to a VF is assigned a complete set of IB addresses (e.g., GID, GUID, LID) and a dedicated QP space in the hardware. For the rest of the network and the SM, the HCA 400 looks like a switch, via the virtual switch 415, with additional nodes connected to it. The hypervisor 410 can use the PF 420, and the VMs (attached to the virtual functions) use the VFs.

[0055] In accordance with an embodiment, a vSwitch architecture provides transparent virtualization. However, because each virtual function is assigned a unique LID, the number of available LIDs gets consumed rapidly. As well, with many LID addresses in use (i.e., one for each physical function and each virtual function), more communication paths have to be computed by the SM and more Subnet Management Packets (SMPs) have to be sent to the switches in order to update their LFTs. For example, the computation of the communication paths might take several minutes in large networks. Because LID space is limited to 49151 unicast LIDs, and as each VM (via a VF), physical node, and switch occupies one LID each, the number of physical nodes and switches in the network limits the number of active VMs, and vice versa.

InfiniBand™ SR-IOV Architecture Models - Virtual Port (vPort)



[0056] Figure 6 shows an exemplary vPort concept, in accordance with an embodiment. As depicted in the figure, a host 300 (e.g., a host channel adapter) can interact with a hypervisor 410, which can assign the various virtual functions 330, 340, 350, to a number of virtual machines. As well, the physical function can be handled by the hypervisor 310.

[0057] In accordance with an embodiment, the vPort concept is loosely defined in order to give freedom of implementation to vendors (e.g. the definition does not require that the implementation be SR-IOV specific), and a goal of the vPort is to standardize the way VMs are handled in subnets. With the vPort concept, both SR-IOV Shared-Port-like and vSwitch-like architectures or a combination of both, that can be more scalable in both the space and performance domains, can be defined. A vPort supports optional LIDs, and unlike the Shared-Port, the SM is aware of all the vPorts available in a subnet even if a vPort is not using a dedicated LID.

InfiniBand™ SR-IOV Architecture Models - vSwitch with Prepopulated LIDs



[0058] In accordance with an embodiment, the present disclosure provides a system and method for providing a vSwitch architecture with prepopulated LIDs.

[0059] Figure 7 shows an exemplary vSwitch architecture with prepopulated LIDs, in accordance with an embodiment. As depicted in the figure, a number of switches 501-504 can provide communication within the network switched environment 600 (e.g., an IB subnet) between members of a fabric, such as an InfiniBand™ fabric. The fabric can include a number of hardware devices, such as host channel adapters 510, 520, 530. Each of the host channel adapters 510, 520, 530, can in turn interact with a hypervisor 511, 521, and 531, respectively. Each hypervisor can, in turn, in conjunction with the host channel adapter it interacts with, set up and assign a number of virtual functions 514, 515, 516, 524, 525, 526, 534, 535, 536, to a number of virtual machines. For example, virtual machine 1 550 can be assigned by the hypervisor 511 to virtual function 1 514. Hypervisor 511 can additionally assign virtual machine 2 551 to virtual function 2 515, and virtual machine 3 552 to virtual function 3 516. Hypervisor 531 can, in turn, assign virtual machine 4 553 to virtual function 1 534. The hypervisors can access the host channel adapters through a fully featured physical function 513, 523, 533, on each of the host channel adapters.

[0060] In accordance with an embodiment, each of the switches 501-504 can comprise a number of ports (not shown), which are used in setting a linear forwarding table in order to direct traffic within the network switched environment 600.

[0061] In accordance with an embodiment, the virtual switches 512, 522, and 532, can be handled by their respective hypervisors 511, 521, 531. In such a vSwitch architecture each virtual function is a complete virtual Host Channel Adapter (vHCA), meaning that the VM assigned to a VF is assigned a complete set of IB addresses (e.g., GID, GUID, LID) and a dedicated QP space in the hardware. For the rest of the network and the SM (not shown), the HCAs 510, 520, and 530 look like a switch, via the virtual switches, with additional nodes connected to them.

[0062] In accordance with an embodiment, the present disclosure provides a system and method for providing a vSwitch architecture with prepopulated LIDs. Referring to Figure 7, the LIDs are prepopulated to the various physical functions 513, 523, 533, as well as the virtual functions 514-516, 524-526, 534-536 (even those virtual functions not currently associated with an active virtual machine). For example, physical function 513 is prepopulated with LID 1, while virtual function 1 534 is prepopulated with LID 10. The LIDs are prepopulated in an SR-IOV vSwitch-enabled subnet when the network is booted. Even when not all of the VFs are occupied by VMs in the network, the populated VFs are assigned with a LID as shown in Figure 7.

[0063] In accordance with an embodiment, much like physical host channel adapters can have more than one port (two ports are common for redundancy), virtual HCAs can also be represented with two ports and be connected via one, two or more virtual switches to the external IB subnet.

[0064] In accordance with an embodiment, in a vSwitch architecture with prepopulated LIDs, each hypervisor can consume one LID for itself through the PF and one more LID for each additional VF. The sum of all the VFs available in all hypervisors in an IB subnet gives the maximum number of VMs that are allowed to run in the subnet. For example, in an IB subnet with 16 virtual functions per hypervisor, each hypervisor consumes 17 LIDs (one LID for each of the 16 virtual functions plus one LID for the physical function) in the subnet. In such an IB subnet, the theoretical hypervisor limit for a single subnet is ruled by the number of available unicast LIDs and is: 2891 (49151 available LIDs divided by 17 LIDs per hypervisor), and the total number of VMs (i.e., the limit) is 46256 (2891 hypervisors times 16 VFs per hypervisor). (In actuality, these numbers are smaller since each switch, router, or dedicated SM node in the IB subnet consumes a LID as well). Note that the vSwitch does not need to occupy an additional LID as it can share the LID with the PF.

[0065] In accordance with an embodiment, in a vSwitch architecture with prepopulated LIDs, communication paths are computed for all the LIDs the first time the network is booted. When a new VM needs to be started, the system does not have to add a new LID in the subnet, an action that would otherwise cause a complete reconfiguration of the network, including path recalculation, which is the most time-consuming part. Instead, an available port for a VM is located (i.e., an available virtual function) in one of the hypervisors and the virtual machine is attached to the available virtual function.

[0066] In accordance with an embodiment, a vSwitch architecture with prepopulated LIDs also allows for the ability to calculate and use different paths to reach different VMs hosted by the same hypervisor. Essentially, this allows for such subnets and networks to use a LID Mask Control (LMC) like feature to provide alternative paths towards one physical machine, without being bound by the limitation of the LMC that requires the LIDs to be sequential. The freedom to use non-sequential LIDs is particularly useful when a VM needs to be migrated and carry its associated LID to the destination.

[0067] In accordance with an embodiment, along with the benefits shown above of a vSwitch architecture with prepopulated LIDs, certain considerations can be taken into account. For example, because the LIDs are prepopulated in an SR-IOV vSwitch-enabled subnet when the network is booted, the initial path computation (e.g., on boot-up) can take longer than if the LIDs were not pre-populated.

InfiniBand™ SR-IOV Architecture Models - vSwitch with Dynamic LID Assignment



[0068] In accordance with an embodiment, the present disclosure provides a system and method for providing a vSwitch architecture with dynamic LID assignment.

[0069] Figure 8 shows an exemplary vSwitch architecture with dynamic LID assignment, in accordance with an embodiment. As depicted in the figure, a number of switches 501-504 can provide communication within the network switched environment 700 (e.g., an IB subnet) between members of a fabric, such as an InfiniBand™ fabric. The fabric can include a number of hardware devices, such as host channel adapters 510, 520, 530. Each of the host channel adapters 510, 520, 530, can in turn interact with a hypervisor 511, 521, 531, respectively. Each hypervisor can, in turn, in conjunction with the host channel adapter it interacts with, set up and assign a number of virtual functions 514, 515, 516, 524, 525, 526, 534, 535, 536, to a number of virtual machines. For example, virtual machine 1 550 can be assigned by the hypervisor 511 to virtual function 1 514. Hypervisor 511 can additionally assign virtual machine 2 551 to virtual function 2 515, and virtual machine 3 552 to virtual function 3 516. Hypervisor 531 can, in turn, assign virtual machine 4 553 to virtual function 1 534. The hypervisors can access the host channel adapters through a fully featured physical function 513, 523, 533, on each of the host channel adapters.

[0070] In accordance with an embodiment, each of the switches 501-504 can comprise a number of ports (not shown), which are used in setting a linear forwarding table in order to direct traffic within the network switched environment 700.

[0071] In accordance with an embodiment, the virtual switches 512, 522, and 532, can be handled by their respective hypervisors 511, 521, 531. In such a vSwitch architecture each virtual function is a complete virtual Host Channel Adapter (vHCA), meaning that the VM assigned to a VF is assigned a complete set of IB addresses (e.g., GID, GUID, LID) and a dedicated QP space in the hardware. For the rest of the network and the SM (not shown), the HCAs 510, 520, and 530 look like a switch, via the virtual switches, with additional nodes connected to them.

[0072] In accordance with an embodiment, the present disclosure provides a system and method for providing a vSwitch architecture with dynamic LID assignment. Referring to Figure 8, the LIDs are dynamically assigned to the various physical functions 513, 523, 533, with physical function 513 receiving LID 1, physical function 523 receiving LID 2, and physical function 533 receiving LID 3. Those virtual functions that are associated with an active virtual machine can also receive a dynamically assigned LID. For example, because virtual machine 1 550 is active and associated with virtual function 1 514, virtual function 514 can be assigned LID 5. Likewise, virtual function 2 515, virtual function 3 516, and virtual function 1 534 are each associated with an active virtual function. Because of this, these virtual functions are assigned LIDs, with LID 7 being assigned to virtual function 2 515, LID 11 being assigned to virtual function 3 516, and LID 9 being assigned to virtual function 1 534. Unlike vSwitch with prepopulated LIDs, those virtual functions not currently associated with an active virtual machine do not receive a LID assignment.

[0073] In accordance with an embodiment, with the dynamic LID assignment, the initial path computation can be substantially reduced. When the network is booting for the first time and no VMs are present then a relatively small number of LIDs can be used for the initial path calculation and LFT distribution.

[0074] In accordance with an embodiment, much like physical host channel adapters can have more than one port (two ports are common for redundancy), virtual HCAs can also be represented with two ports and be connected via one, two or more virtual switches to the external IB subnet.

[0075] In accordance with an embodiment, when a new VM is created in a system utilizing vSwitch with dynamic LID assignment, a free VM slot is found in order to decide on which hypervisor to boot the newly added VM, and a unique non-used unicast LID is found as well. However, there are no known paths in the network, and no entries in the LFTs of the switches, for handling the newly added LID. Computing a new set of paths in order to handle the newly added VM is not desirable in a dynamic environment where several VMs may be booted every minute. In large IB subnets, computing a new set of routes can take several minutes, and this procedure would have to repeat each time a new VM is booted.

[0076] Advantageously, in accordance with an embodiment, because all the VFs in a hypervisor share the same uplink with the PF, there is no need to compute a new set of routes. It is only necessary to iterate through the LFTs of all the physical switches in the network, copy the forwarding port from the LID entry that belongs to the PF of the hypervisor (where the VM is created) to the newly added LID, and send a single SMP to update the corresponding LFT block of the particular switch. Thus the system and method avoids the need to compute a new set of routes.

[0077] In accordance with an embodiment, the LIDs assigned in the vSwitch with dynamic LID assignment architecture do not have to be sequential. When comparing the LIDs assigned to VMs on each hypervisor in vSwitch with prepopulated LIDs versus vSwitch with dynamic LID assignment, it is notable that the LIDs assigned in the dynamic LID assignment architecture are non-sequential, while those prepopulated are sequential in nature. In the vSwitch dynamic LID assignment architecture, when a new VM is created, the next available LID is used throughout the lifetime of the VM. Conversely, in a vSwitch with prepopulated LIDs, each VM inherits the LID that is already assigned to the corresponding VF, and in a network without live migrations, VMs consecutively attached to a given VF get the same LID.

[0078] In accordance with an embodiment, the vSwitch with dynamic LID assignment architecture can resolve the drawbacks of the vSwitch with prepopulated LIDs architecture model at a cost of some additional network and runtime SM overhead. Each time a VM is created, the LFTs of the physical switches in the subnet are updated with the newly added LID associated with the created VM. One subnet management packet (SMP) per switch needs to be sent for this operation. The LMC-like functionality is also not available, because each VM is using the same path as its host hypervisor. However, there is no limitation on the total number of VFs present in all hypervisors, and the number of VFs may exceed that of the unicast LID limit. Of course, not all of the VFs are allowed to be attached to active VMs simultaneously if this is the case, but having more spare hypervisors and VFs adds flexibility for disaster recovery and optimization of fragmented networks when operating close to the unicast LID limit.
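The following is an added sketch, not code from the patent or from any subnet manager implementation, of the dynamic LID assignment step described in paragraphs [0075] to [0078]: pick an unused unicast LID, copy each switch's forwarding port for the hypervisor's PF LID to the new LID, and send one SMP per switch for the affected LFT block. The `Switch` and `SubnetManager` classes, the two-switch topology, its port numbers and the switch LIDs are constructed for illustration; the 64-entry block size is that of the InfiniBand LinearForwardingTable attribute rather than a value from this text.

```python
UNICAST_LID_MIN = 1
UNICAST_LID_MAX = 49151  # unicast LID limit given in the text
LFT_BLOCK_SIZE = 64      # entries per LinearForwardingTable block (InfiniBand spec)


class Switch:
    """Physical switch with a linear forwarding table (LID -> egress port)."""

    def __init__(self, name, lft):
        self.name = name
        self.lft = dict(lft)
        self.smp_log = []  # LFT block number carried by each SMP received

    def set_lft_block(self, block, entries):
        """Model one SMP that rewrites entries inside a single LFT block."""
        for lid in entries:
            if lid // LFT_BLOCK_SIZE != block:
                raise ValueError(f"LID {lid} is outside LFT block {block}")
        self.lft.update(entries)
        self.smp_log.append(block)


class SubnetManager:
    """Tracks LID usage and performs the copy-from-PF LFT update."""

    def __init__(self, switches, pf_lids, other_lids=()):
        self.switches = list(switches)
        self.pf_lids = set(pf_lids)
        self.used_lids = self.pf_lids | set(other_lids)
        self.vf_to_pf = {}  # dynamically assigned VF LID -> PF LID it follows

    def next_free_lid(self):
        for lid in range(UNICAST_LID_MIN, UNICAST_LID_MAX + 1):
            if lid not in self.used_lids:
                return lid
        raise RuntimeError("unicast LID space exhausted")

    def attach_vm(self, pf_lid):
        """Assign a LID to a VF on the hypervisor whose PF owns pf_lid."""
        if pf_lid not in self.pf_lids:
            raise ValueError(f"LID {pf_lid} is not a physical function")
        # Check every switch before changing any, so a failure leaves no
        # switch with a partially applied update.
        missing = [sw.name for sw in self.switches if pf_lid not in sw.lft]
        if missing:
            raise LookupError(f"no route to PF LID {pf_lid} on {missing}")
        new_lid = self.next_free_lid()
        block = new_lid // LFT_BLOCK_SIZE
        for sw in self.switches:
            # No path computation: reuse the port already leading to the PF.
            sw.set_lft_block(block, {new_lid: sw.lft[pf_lid]})
        self.used_lids.add(new_lid)
        self.vf_to_pf[new_lid] = pf_lid
        return new_lid

    def shares_pf_path(self, vf_lid):
        """True if every switch forwards vf_lid out of the same port as its PF."""
        pf_lid = self.vf_to_pf[vf_lid]
        return all(sw.lft.get(vf_lid) == sw.lft[pf_lid] for sw in self.switches)


def build_sample_subnet():
    """Constructed topology: PF LIDs 1-3, switch LIDs 4 and 6 (port 0 = self)."""
    sw_a = Switch("sw-a", {1: 1, 2: 2, 3: 3, 4: 0, 6: 3})
    sw_b = Switch("sw-b", {1: 1, 2: 1, 3: 2, 4: 1, 6: 0})
    sm = SubnetManager([sw_a, sw_b], pf_lids={1, 2, 3}, other_lids={4, 6})
    return sm, [sw_a, sw_b]


if __name__ == "__main__":
    sm, switches = build_sample_subnet()
    lid = sm.attach_vm(pf_lid=1)
    print("new VM LID:", lid)
    for sw in switches:
        print(sw.name, "port for new LID:", sw.lft[lid], "SMPs:", len(sw.smp_log))
```

Because the new LID always inherits the PF's forwarding port, `shares_pf_path` holding for every dynamically assigned LID is also the reason the LMC-like alternative paths of the prepopulated model are unavailable here.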

InfiniBand™ SR-IOV Architecture Models - vSwitch with Dynamic LID Assignment and Prepopulated LIDs



[0079] Figure 9 shows an exemplary vSwitch architecture with dynamic LID assignment and prepopulated LIDs, in accordance with an embodiment. As depicted in the figure, a number of switches 501-504 can provide communication within the network switched environment 800 (e.g., an IB subnet) between members of a fabric, such as an InfiniBand™ fabric. The fabric can include a number of hardware devices, such as host channel adapters 510, 520, 530. Each of the host channel adapters 510, 520, 530, can in turn interact with a hypervisor 511, 521, and 531, respectively. Each hypervisor can, in turn, in conjunction with the host channel adapter it interacts with, set up and assign a number of virtual functions 514, 515, 516, 524, 525, 526, 534, 535, 536, to a number of virtual machines. For example, virtual machine 1 550 can be assigned by the hypervisor 511 to virtual function 1 514. Hypervisor 511 can additionally assign virtual machine 2 551 to virtual function 2 515. Hypervisor 521 can assign virtual machine 3 552 to virtual function 3 526. Hypervisor 531 can, in turn, assign virtual machine 4 553 to virtual function 2 535. The hypervisors can access the host channel adapters through a fully featured physical function 513, 523, 533, on each of the host channel adapters.

[0080] In accordance with an embodiment, each of the switches 501-504 can comprise a number of ports (not shown), which are used in setting a linear forwarding table in order to direct traffic within the network switched environment 800.

[0081] In accordance with an embodiment, the virtual switches 512, 522, and 532, can be handled by their respective hypervisors 511, 521, 531. In such a vSwitch architecture each virtual function is a complete virtual Host Channel Adapter (vHCA), meaning that the VM assigned to a VF is assigned a complete set of IB addresses (e.g., GID, GUID, LID) and a dedicated QP space in the hardware. For the rest of the network and the SM (not shown), the HCAs 510, 520, and 530 look like a switch, via the virtual switches, with additional nodes connected to them.

[0082] In accordance with an embodiment, the present disclosure provides a system and method for providing a hybrid vSwitch architecture with dynamic LID assignment and prepopulated LIDs. Referring to Figure 9, hypervisor 511 can be arranged with vSwitch with prepopulated LIDs architecture, while hypervisor 521 can be arranged with vSwitch with prepopulated LIDs and dynamic LID assignment. Hypervisor 531 can be arranged with vSwitch with dynamic LID assignment. Thus, the physical function 513 and virtual functions 514-516 have their LIDs prepopulated (i.e., even those virtual functions not attached to an active virtual machine are assigned a LID). Physical function 523 and virtual function 1 524 can have their LIDs prepopulated, while virtual function 2 and 3, 525 and 526, have their LIDs dynamically assigned (i.e., virtual function 2 525 is available for dynamic LID assignment, and virtual function 3 526 has a LID of 11 dynamically assigned as virtual machine 3 552 is attached). Finally, the functions (physical function and virtual functions) associated with hypervisor 3 531 can have their LIDs dynamically assigned. As a result, virtual functions 1 and 3, 534 and 536, are available for dynamic LID assignment, while virtual function 2 535 has a LID of 9 dynamically assigned as virtual machine 4 553 is attached there.

[0083] In accordance with an embodiment, such as that depicted in Figure 9, where both vSwitch with prepopulated LIDs and vSwitch with dynamic LID assignment are utilized (independently or in combination within any given hypervisor), the number of prepopulated LIDs per host channel adapter can be defined by a fabric administrator and can be in the range of 0 <= prepopulated VFs <= Total VFs (per host channel adapter), and the VFs available for dynamic LID assignment can be found by subtracting the number of prepopulated VFs from the total number of VFs (per host channel adapter).

[0084] In accordance with an embodiment, much like physical host channel adapters can have more than one port (two ports are common for redundancy), virtual HCAs can also be represented with two ports and be connected via one, two or more virtual switches to the external IB subnet.

InfiniBand™ - Inter-Subnet Communication



[0085] In accordance with an embodiment, in addition to providing an InfiniBand™ fabric within a single subnet, embodiments of the current disclosure can also provide for an InfiniBand™ fabric that spans two or more subnets.

[0086] Figure 10 shows an exemplary multi-subnet InfiniBand™ fabric, in accordance with an embodiment. As depicted in the figure, within subnet A 1000, a number of switches 1001-1004 can provide communication within subnet A 1000 (e.g., an IB subnet) between members of a fabric, such as an InfiniBand™ fabric. The fabric can include a number of hardware devices, such as, for example, channel adapter 1010. Host channel adapter 1010 can in turn interact with a hypervisor 1011. The hypervisor can, in turn, in conjunction with the host channel adapter it interacts with, set up a number of virtual functions 1014. The hypervisor can additionally assign virtual machines to each of the virtual functions, such as virtual machine 1 1015 being assigned to virtual function 1 1014. The hypervisor can access its associated host channel adapter through a fully featured physical function, such as physical function 1013, on each of the host channel adapters.

[0087] With further reference to Figure 10, and in accordance with an embodiment, a number of switches 1021-1024 can provide communication within subnet B 1040 (e.g., an IB subnet) between members of a fabric, such as an InfiniBand™ fabric. The fabric can include a number of hardware devices, such as, for example, host channel adapter 1030. Host channel adapter 1030 can in turn interact with a hypervisor 1031. The hypervisor can, in turn, in conjunction with the host channel adapter it interacts with, set up a number of virtual functions 1034. The hypervisor can additionally assign virtual machines to each of the virtual functions, such as virtual machine 2 1035 being assigned to virtual function 2 1034. The hypervisor can access its associated host channel adapter through a fully featured physical function, such as physical function 1033, on each of the host channel adapters. It is noted that, although only one host channel adapter is shown within each subnet (i.e., subnet A and subnet B), it is to be understood that a plurality of host channel adapters, and their corresponding components, can be included within each subnet.

[0088] In accordance with an embodiment, each of the host channel adapters can additionally be associated with a virtual switch, such as virtual switch 1012 and virtual switch 1032, and each HCA can be set up with a different architecture model, as discussed above. Although both subnets within Figure 10 are shown as using a vSwitch with prepopulated LID architecture model, this is not meant to imply that all such subnet configurations must follow a similar architecture model.

[0089] In accordance with an embodiment, at least one switch within each subnet can be associated with a router, such as switch 1002 within subnet A 1000 being associated with router 1005, and switch 1021 within subnet B 1040 being associated with router 1006.

[0090] In accordance with an embodiment, when traffic at an originating source, such as virtual machine 1 within subnet A, is addressed to a destination at a different subnet, such as virtual machine 2 within subnet B, the traffic can be addressed to the router within subnet A, i.e., router 1005, which can then pass the traffic to subnet B via its link with router 1006.

Fabric Manager



[0091] As discussed above, a network fabric, such as an InfiniBand™ fabric, can span a plurality of subnets through the use of interconnected routers in each subnet of the fabric. In accordance with an embodiment, a fabric manager (not shown) can be implemented on a host which is a member of the network fabric and can be employed within the fabric to manage both physical and logical resources that are part of the fabric. For instance, management tasks such as discovering fabric resources, controlling connectivity between physical servers, collecting and viewing real-time network statistics, disaster recovery, and setting quality of service (QoS) settings, among others, may be performed by a user through the fabric manager. In accordance with an embodiment, the fabric manager may span all subnets defined in the fabric. That is, the fabric manager can manage physical and logical resources that are members of, or associated with, the fabric at large, regardless of which subnet the resources are a member of.

[0092] In accordance with an embodiment, the fabric manager can include a graphical user interface (GUI) through which a user can perform administration functions. The fabric manager GUI can incorporate visualization tools that allow a user to monitor and control fabric resources. For example, in an embodiment, a user can view server connections, configuration settings and performance statistics for servers across the fabric through the fabric interface. Other examples of fabric functionality that can be monitored and/or managed through the fabric manager GUI include discovering inter-subnet fabric topology, viewing visual representations of these topologies, creating fabric profiles (e.g., virtual machine fabric profiles), and building and management of a fabric manager database that can store fabric profiles, metadata, configuration settings and other data required by, and related to, the network fabric. In accordance with an embodiment, the fabric manager database is a fabric-level database.

[0093] In addition, the fabric manager can define legal inter-subnet connectivity in terms of which subnets are allowed to communicate via which router ports using which partition numbers. In accordance with an embodiment, the fabric manager is a centralized fabric management utility. The above examples are not meant to be limiting.

[0094] In accordance with an embodiment, some of the fabric manager's functionality can be initiated by a user, and other functionality can be abstracted from the user, or be automated (e.g., some functionality may be performed by the fabric manager upon startup, or at other predetermined events).

[0095] In an exemplary embodiment of a management event, a user may initiate, at the fabric manager interface, a configuration change directed towards a network fabric device. After receiving the configuration change request, the fabric manager may, in turn, ensure that the configuration change request is properly carried out. For example, the fabric manager may communicate the request to the device and ensure that the configuration change is written to the device's configuration. In one embodiment, the physical device acknowledges to the fabric manager that the configuration change has successfully completed. In accordance with an embodiment, the fabric manager may then update the interface to give a visual confirmation that the request has been carried out. Further, the fabric manager may persist the configuration of the device to the fabric manager database, e.g., for disaster recovery or other purposes.

[0096] In accordance with an embodiment, the fabric manager can have other interfaces, such as a command line interface, that includes some, all, or more functionality than the GUI.

Fabric-Level Resource Domains



[0097] As discussed above, a fabric manager can allow users to perform administrative tasks throughout the network fabric through an interface of the fabric manager. In accordance with an embodiment, an additional function of the fabric manager is facilitation of hierarchical role-based access control. In an embodiment, role-based access control is achieved through fabric-level resource domains.

[0098] In accordance with an embodiment, role-based access control is based on the concept of fabric users. Access from both human administrators and external management applications can represent an authenticated context that defines legal operations on all or a subset of the fabric infrastructure or fabric resources. For example, a user can be represented in the fabric by a user profile. That is, within the fabric a user can be defined by creating a profile of the user and assigning attributes to the profile. A user profile can be assigned a username attribute, and a password attribute, where the username is unique within the fabric, thereby uniquely identifying the user. Further, the user profile may be associated with certain roles defined in the fabric that assign certain access levels to different resources within the fabric. In accordance with an embodiment, setting up user profiles can be accomplished through the fabric manager interface. All or part of the user profile can be stored in the fabric manager database. Moreover, in an embodiment, the fabric manager can integrate with well-known user directories, such as Microsoft® Active Directory or LDAP directories, or with, e.g., the RADIUS networking protocol for remote authentication.

[0099] In accordance with an embodiment, the fabric manager can manage fabric resources that it discovers through fabric-level resource domains (also referred to as "resource domains", or simply "domains" herein). A resource domain is a logical grouping of fabric resources defined at the fabric level. Fabric resources include both physical and logical resources. Some examples of resources include fabric devices (such as HCAs, physical nodes, and switches), fabric profiles (such as virtual machine fabric profiles, and user profiles), virtual machines, clouds, and I/O modules, among others.

[0100] In accordance with an embodiment, all fabric resources discovered and managed by the fabric manager reside in the default domain, which exists by default (i.e., without the need to set up or configure it) in the fabric, and can be accessed through the fabric manager interface. The default domain is the highest level domain - that is, it is the parent domain to all other resource domains, and all other resource domains exist within the default domain. The default domain is associated with a fabric-level administrator, which also exists by default, and is configured with administrative privileges in the default domain by default.

[0101] In accordance with an embodiment, resource domains represent a hierarchical form of resource management. For example, the process of configuring and managing the default domain is available only to the fabric-level administrator. However, child domains can be created within the default domain by the fabric-level administrator. For instance, the fabric-level administrator can create a child domain and can add domain resources to the child domain. Additionally, the fabric-level administrator can create domain-level "domain admin" users and add (i.e., associate) the domain admin users to the child domain. Making the domain admin user a member of the resource domain allows the domain admin user to manage the child domain and its contained subset of the fabric resources. In accordance with an embodiment, the domain admin user cannot manage resources outside of the child domain (i.e., resources at a parallel or a higher level than the domain admin is associated with). However, the domain admin can manage resources contained in resource domains that have been created as child domains of the resource domain. In accordance with an embodiment, the fabric manager is responsible for providing the security that ensures that resource domain boundaries are strictly enforced.

[0102] Figure 11 shows the hierarchical structure of resource domains. As shown, default domain 1102 exists within network fabric 1100. Fabric-level administrator 1110 has access rights to manage fabric-level resources 1112, 1124, and 1134. Fabric-level administrator 1110 can also create and administer new resource domains within default domain 1102. Fabric-level administrator 1110 has created resource domains 1120 and 1130, and corresponding domain-level domain admin users 1122 and 1132. Domain admin user 1122 has access rights to manage fabric resources 1124 (assigned to resource domain 1120 by fabric-level administrator 1110), but has no access rights to manage fabric resources 1112 (at a higher level) or domain resources 1134 (at a parallel level). Likewise, domain admin user 1132 has access rights to manage fabric resources 1134 (assigned to resource domain 1130 by fabric-level administrator 1110), but has no access rights to manage fabric resources 1112 (at a higher level) or domain resources 1124 (at a parallel level).
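The boundary rule of Figure 11 can be expressed as a deny-by-default ancestor walk. The following Python sketch is an added illustration and is not part of the specification; the class, its method names, the string identifiers built from the reference numerals, and the extra sub-domain of domain 1120 are all assumptions made for the example.

```python
class ResourceDomains:
    """Resource-domain tree with deny-by-default management checks (hypothetical model)."""

    ROOT = "default-1102"

    def __init__(self, fabric_admin):
        self.parent = {self.ROOT: None}               # domain -> parent domain
        self.admin_home = {fabric_admin: self.ROOT}   # admin user -> domain it belongs to
        self.resource_home = {}                       # resource -> domain it resides in

    def in_scope(self, admin, domain):
        """True if `domain` is the admin's own domain or a descendant of it."""
        home = self.admin_home.get(admin)
        if home is None or domain not in self.parent:
            return False                              # unknown user or domain: deny
        while domain is not None:
            if domain == home:
                return True
            domain = self.parent[domain]              # walk towards the default domain
        return False                                  # parallel or higher-level domain

    def can_manage(self, admin, resource):
        domain = self.resource_home.get(resource)
        return domain is not None and self.in_scope(admin, domain)

    def discover(self, resource):
        """Discovered resources start in the default domain."""
        self.resource_home[resource] = self.ROOT

    def create_domain(self, actor, name, parent, domain_admin):
        if not self.in_scope(actor, parent):
            raise PermissionError(f"{actor} cannot create a domain under {parent}")
        if name in self.parent:
            raise ValueError(f"domain {name} already exists")
        self.parent[name] = parent
        self.admin_home[domain_admin] = name

    def assign(self, actor, resource, domain):
        """Move a resource; the actor must manage both the resource and the target."""
        if not (self.can_manage(actor, resource) and self.in_scope(actor, domain)):
            raise PermissionError(f"{actor} cannot assign {resource} to {domain}")
        self.resource_home[resource] = domain


def build_figure_11():
    """Figure 11 layout plus one constructed sub-domain below domain 1120."""
    f = ResourceDomains("admin-1110")
    f.create_domain("admin-1110", "domain-1120", f.ROOT, "admin-1122")
    f.create_domain("admin-1110", "domain-1130", f.ROOT, "admin-1132")
    f.create_domain("admin-1110", "domain-1120-sub", "domain-1120", "admin-sub")
    for res in ("res-1112", "res-1124", "res-1134", "res-sub"):
        f.discover(res)
    f.assign("admin-1110", "res-1124", "domain-1120")
    f.assign("admin-1110", "res-1134", "domain-1130")
    f.assign("admin-1110", "res-sub", "domain-1120-sub")
    return f


if __name__ == "__main__":
    fabric = build_figure_11()
    for admin in ("admin-1110", "admin-1122", "admin-1132", "admin-sub"):
        allowed = [r for r in sorted(fabric.resource_home) if fabric.can_manage(admin, r)]
        print(admin, "->", allowed)
```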

Admin Partitions



[0103] In accordance with an embodiment, a resource domain can be represented at the subnet level by an administration, or "admin" partition (as they are referred to herein). An admin partition represents a group membership which grants access rights at the subnet level to subnet resources. Members of an admin partition are considered privileged, in that the members have access rights to any subnet resources that are associated with the admin partition, in accordance with an embodiment. At the fabric manager level, an admin partition is associated with a resource domain and a corresponding domain admin user. Thus, user-role separation can be ensured in multi-tenant environments at the subnet level. Further, resource domain membership can be correlated with admin partition membership, so that resources that are members of an admin partition that is associated with a particular resource domain are also members of the resource domain.

[0104] In accordance with an embodiment, an admin partition can be defined at the subnet level in the same way that a data partition is defined, but with an additional attribute specifying that the partition being created is an admin partition. Like data partitions (discussed in detail, above), admin partitions can be created by an administrator through the fabric manager interface, in accordance with an embodiment. In an embodiment, the fabric manager can support an "admin partition" flag as an optional parameter during the creation of a partition. If selected by the creating administrator, the fabric manager will include the additional attribute specifying that the newly created partition is an admin partition, and will be treated as an admin partition by the fabric manager and the local master subnet manager.

[0105] In accordance with an embodiment, the fabric manager can be configured to automatically create a corresponding admin partition for each resource domain that is created, and associate the automatically created partition with the corresponding resource domain. In such an embodiment, when fabric-level resources are added to the resource domain, the fabric manager also associates them with the admin partition that was automatically created and associated with the resource domain. Thus, resources added to the resource domain will have subnet-level access rights to each other upon being added to the resource domain, with no further action being taken by the administrator (e.g., the fabric-level administrator or the domain admin).

[0106] Moreover, in accordance with an embodiment, entire subnets of the network can represent a special resource domain in a domain hierarchy that has a top-level domain (e.g., the default domain). For instance, in a domain hierarchy, where the default domain represents the top-level domain, each subnet of the network fabric can then be recognized by the fabric manager as a child domain of the default domain. Recognition of entire subnets as child domains of a top-level domain can be configured as default behavior of the fabric manager, or these default domains can be manually defined by an administrator. Here again, in order to have user role separation and enforcement of domain boundaries and resource associations at the subnet level, admin partitions corresponding to entire-subnet resource domains can be defined. In accordance with an embodiment, an admin partition that is defined in a subnet and includes each resource in that subnet (as either a member, or associated with the admin partition) can be termed a "domain global" admin partition, since in this configuration, every resource in the subnet would have access rights to every other resource.

[0107] In accordance with an embodiment, an admin partition can be transparent to a domain admin. As noted above, a domain global admin partition can be created automatically for a resource domain at the fabric manager level, and then all resources assigned to or created within the scope of this domain can automatically be associated with the corresponding admin partition. In another embodiment, however, the domain admin can explicitly create different admin partitions within the relevant resource domain, and then resources within the domain can be explicitly associated with the explicitly created admin partition instead of with the admin partition that was created by default for the resource domain.

[0108] In accordance with an embodiment, the fabric manager can support the creation of both shared and private admin partitions. Admin partitions created by a fabric-level administrator in the default domain can be shared partitions that can be made available to individual resource domains. Admin partitions created by a domain admin (i.e., a user with credentials associated with a specific resource domain) in the domain in which the domain admin is a member can be private partitions associated with and available only to the specific resource domain in whose context the admin partitions were created.

[0109] In accordance with an embodiment, end-ports of HCAs and vHCAs can be members of an admin partition, just as they can be members of a data partition. Admin partitions are differentiated from data partitions, however, in that admin partitions can be associated with other subnet resources, in accordance with an embodiment. For example, a data partition can be associated with an admin partition. Further, an admin partition can be associated with another admin partition, as a child or as a parent, thus making admin partitions a hierarchical concept and able to correspond with the hierarchy of the resource domains they are associated with, in accordance with an embodiment.

[0110] As a technical matter, end-ports of HCAs (and vHCAs) can be referred to as "members" of partitions, in traditional terminology, and other resources can be "associated with" admin partitions, in accordance with an embodiment. The technical differences in these two concepts are explained below. For convenience and readability, however, this document may occasionally, in reference to admin partitions, use the terms "member" and "associated with" interchangeably. Notwithstanding the use of these terms interchangeably, it is to be understood that the technical differences between end-port/HCA membership in, and resource association with, admin partitions are meant to be consistently applied by the reader.

[0111] In accordance with an embodiment, an admin partition is defined by a P_Key, just as a data partition is defined. However, while an end-port is aware of the data partitions that it is a member of, it is not necessary that end-ports be aware of what admin partitions they are members of. Thus, in one embodiment, a P_Key defining an admin partition is not entered in the P_Key table of member end-ports. In this way the creation of an admin partition does not waste P_Key table entries - which are a limited resource - if an admin partition is not used for IB packet traffic. In another embodiment, however, an admin partition may function as both an admin partition and a data partition. In such an embodiment, all P_Key tables of end-ports that are members of the admin partition can have a P_Key entry for the admin partition in their respective P_Key tables. In accordance with an embodiment, a data partition may be defined as any partition that is not also an admin partition.

Admin Partition To Data Partition Associations



[0112] In accordance with an embodiment, a data partition can be associated with one or more admin partitions. For example, a data partition, being defined by a P_Key value, can be associated with an admin partition that is defined by its own distinct P_Key value. Moreover, the data partition can be associated with a second admin partition defined by yet another distinct P_Key value. In accordance with an embodiment, the association of a data partition with a specific admin partition can define a maximum membership level for end-ports that are members of the specific admin partition.

[0113] As noted above, an admin partition represents a group membership which grants access rights to subnet resources. In accordance with an embodiment, any end-port member of an admin partition has access rights to any subnet resource that is associated with the same admin partition based solely on the end-port's membership in the admin partition. Thus, any end-port that is a member of an admin partition has access rights to any data partition that is associated with that same admin partition. Notably, this does not necessarily mean that the member end-port is a member of the associated data partition, but that it has access rights to the associated data partition, and therefore could be a member of the data partition.

[0114] Such a scheme obviates the need for administrators to grant end-ports access to, e.g., data partitions by manually including the data partition's P_Key in the P_Key table of the end-port. In an embodiment, when an end-port is initialized in the subnet, the master subnet manager can query a data store (e.g., an admin partition registry, as discussed below) that holds admin partition definitions (e.g., P_Keys), and relationships that define membership in the defined admin partitions and that define associations with the defined admin partitions, to determine which admin partitions the end-port is a member of. The subnet manager can then further check to see if there are any data partitions associated with the admin partitions of which the end-port is a member. If the SM finds that 1) the end-port is a member of an admin partition, and 2) that that admin partition is associated with a data partition, then the SM can automatically place the P_Key of the associated data partition in the P_Key table of the end-port, thereby automatically granting the end-port access to the data partition. Thus, the admin partition represents a simpler, more scalable solution than manual partition mapping by administrators.

[0115] Figure 12 shows an exemplary network fabric having both admin partitions and data partitions. As shown in Figure 12, admin partitions 1230, 1240, and 1250 have been defined within the fabric. Nodes A-E 1201-1205, are physically connected to the fabric by their respective HCAs 1211-1215. Additionally, each HCA is a member of at least one admin partition. HCA 1211 and HCA 1214 are members of admin partition 1230. HCA 1211 is also a member of admin partition 1240, along with HCAs 1212 and 1213. HCA 1213 is, additionally, a member of admin partition 1250, along with HCA 1215.

[0116] With further reference to Figure 12, and in accordance with an embodiment, data partitions 1232, 1242, and 1252 have been defined within the fabric. Data partition 1232 is associated with admin partition 1230, data partition 1242 is associated with admin partition 1240, and data partition 1252 is associated with admin partition 1250. In accordance with an embodiment, HCA 1211 and HCA 1214 have access rights to membership in data partition 1232 based on their membership in admin partition 1230. Likewise, HCAs 1211-1213 have access rights to membership in data partition 1242 based on their membership in admin partition 1240. Moreover, HCAs 1213 and 1215 have access rights to membership in data partition 1252 based on their membership in admin partition 1250.

[0117] In accordance with an embodiment, a subnet manager (e.g., the master subnet manager) can have access to stored data defining both 1) which end-ports in a subnet are members of which admin partitions defined within the subnet, and 2) which data partitions defined within the subnet are associated with which admin partitions defined within the subnet. Access to such information can allow the SM to respond to dynamic requests for membership in data partitions from end-ports. The ability of an end-port (through its HCA) to dynamically request, and a SM to dynamically grant (or deny), end-port membership in a data partition obviates the need for an administrator to explicitly grant end-ports access to data partitions by manually including the data partition's P_Key in the P_Key table of the end-port. As a result, administrative overhead is significantly lowered.

[0118] As noted above, a SM can have access to defined admin-partition-to-data-partition associations, and to information defining end-port membership within admin partitions (collectively, this information will occasionally be referred to herein as "Admin Partition Association Information"). In accordance with an embodiment, Admin Partition Association Information can be defined and persisted so as to facilitate SM access to the Admin Partition Association Information. For instance, as discussed above, admin partitions and data partitions are represented at the subnet level by P_Keys. For a given admin partition defined by a P_Key in a subnet, there can exist one or more relationships that map one or more respective data partitions, also defined by a P_Key in the subnet, to the given admin partition. This (admin partition) P_Key to (data partition) P_Key relationship can define an association of the data partition with the given admin partition, and the relationship is included as a component of the Admin Partition Association Information.

[0119] As discussed above, the Admin Partition Association Information can also include information defining end-port membership within admin partitions. In accordance with an embodiment, and as previously noted, an end-port is represented at the subnet level by a GUID (or a vGUID, if the end-port is that of a vHCA - however, the format of a GUID and a vGUID can be identical, and therefore can appear the same to a SM, in accordance with an embodiment). Thus, end-port membership in an admin partition can be defined at the subnet level through a GUID to admin partition P_Key relationship, in accordance with an embodiment.

[0120] Moreover, and in accordance with an embodiment, the Admin Partition Association Information that defines admin-partition-to-data-partition associations, and end-port membership in admin partitions within a subnet, can be stored in any suitable format that allows a SM to access the information stored therein. For instance, in an exemplary embodiment, the P_Keys can be mapped to each other in a flat-file that uses delimiters to define the relationships. In another embodiment, the P_Keys can be mapped to each other in semi-structured format, such as a hierarchical XML format. In still another exemplary embodiment, the P_Keys can be mapped to each other using a fully structured format, such as a relational database. A person having skill in the art will appreciate that there are a number of suitable ways to store the Admin Partition Association Information so that a SM can access the information, and the above examples are not meant to be limiting.

[0121] Figure 13 shows an exemplary data store 1300 for storing Admin Partition Association Information, in accordance with an embodiment. Data store 1300 is depicted as tables in a relational database diagram, because such diagrams show the relationships between the related components. However, Figure 13 is meant to be illustrative of the relationships between the Admin Partition Association Information, and not meant to be limiting. As discussed above, any suitable data structure can provide an embodiment of the invention. Indeed, an exemplary embodiment may include the Admin Partition Association Information replicated in several different formats across the fabric, where each format is suited for, and serves, a different primary purpose within the fabric.

[0122] As shown in Figure 13, admin partition table 1312 can contain at least one admin partition P_Key 1302 that defines an admin partition within a subnet. Data partition table 1316 can contain at least one data partition P_Key 1314 that defines a data partition within the subnet. GUID table 1308 can contain at least one GUID 1320 that represents an end-port in the subnet. The represented end-port can be an end-port of a HCA (or vHCA) of a node within the subnet. For instance, GUID table 1308 can contain an HCA instance ID 1322 that associates each GUID with a specific HCA. HCA instance ID 1322 can be a unique ID of the associated specific HCA.

[0123] With continued reference to Figure 13, Admin partition_data partition mapping table 1324 is created with relationship 1352 and relationship 1354. Admin partition_data partition mapping table 1324 can allow a SM (not shown) to access data showing which admin partition P_Keys 1302 are associated with which data partition P_Keys 1314. For example, a subnet manager can query data store 1300 to return each data partition P_Key 1314 that is associated with a specific admin partition P_Key 1302. Likewise, a SM can query data store 1300 for each admin partition P_Key 1302 that a specific data partition P_Key 1314 is associated with.

[0124] With further reference to Figure 13, Admin partition_GUID mapping table 1318 is created with relationship 1356 and relationship 1358. Admin partition_GUID mapping table 1318 can allow a SM (not shown) to access data showing which admin partition P_Keys 1302 are associated with which GUIDs 1320. Since a GUID can represent an end-port of a HCA in the subnet, a SM can use this information to determine if a given end-port is a member of a given admin partition. For example, a subnet manager can query data store 1300 to return each admin partition P_Key 1304 that is related to a specific GUID 1320 (i.e., which admin partitions the given GUID is a "member" of).

[0125] In accordance with an embodiment, Admin Partition Association Information can include more, less or different data than that disclosed above. Moreover, Admin Partition Association Information can be related to other information in order to facilitate different operations throughout the fabric.

[0126] As noted above, the Admin Partition Association Information can be stored in any format that allows the SM to access the Admin Partition Association Information and determine members and associations through the stored relationships. For example, in accordance with an embodiment, Admin Partition Association Information can be stored in the fabric database. The tables holding the Admin Partition Association Information can be a subset of the fabric database and can include relationships to other tables not shown in Figure 13. In accordance with another embodiment, the Admin Partition Association Information can be stored in a resident memory on a SM (e.g., in a partition.conf file). In accordance with yet another embodiment, the Admin Partition Association Information data store can be records held in a cache in a volatile random access memory (RAM) of a SM. Holding the Admin Partition Association Information data store in RAM has the advantage of fast lookup times and, consequently, less overhead imposed on the SM and the fabric infrastructure. At SM startup, the SM can read the Admin Partition Association Information into RAM from, e.g., the fabric database or a partition.conf file. Any updates can be written back to either the fabric database or the partition.conf file for persistence. Further, the fabric database or partition.conf file can be backed up for purposes of disaster recovery.

[0127] Figure 14 is an exemplary flow chart depicting an end-port dynamically requesting and receiving membership in a data partition, in accordance with an embodiment.

[0128] At step 1402, and with additional reference to Figure 12 and Figure 13, end-port 1214 sends a request, including its associated GUID 1320, to subnet manager 1202 for membership in data partition 1232.

[0129] At step 1404, SM 1202 receives the request and queries data store 1300 for each admin partition P_Key 1302 that GUID 1320 is a member of.

[0130] At step 1406, SM 1202 receives, from data store 1300, the list of admin partition P_Keys 1302 of which the GUID 1320 of end-port 1214 is a member.

[0131] At step 1408, SM 1202 determines if GUID 1320 is a member of any admin partitions, based on the returned list from data store 1300. If the list is empty (or null) - i.e., if the end-port 1214 is not a member of any admin partition - the process proceeds to end at step 1410, because the end-port 1214 does not have inherent access rights to any data partition by virtue of membership in an admin partition. If the list has at least one entry, however, the process proceeds to step 1412.

[0132] At step 1412, SM 1202 queries data store 1300 for a list of data partition P_Keys associated with any admin partition P_Keys returned in step 1406.

[0133] At step 1214, SM 1202 receives the list of data partition P_Keys associated with any admin partition P_Keys returned in step 1406.

[0134] At step 1416, the SM determines if the P_Key that represents data partition 1232 - the data partition in which end-port 1214 requested membership at step 1402 - is included in the returned list. If the P_Key for data partition 1232 is not included in the list, the process proceeds to step 1418, and ends. If, however, the P_Key that represents data partition 1232 is included in the list, the process proceeds to step 1420.

[0135] At step 1420, the subnet manager stores the returned P_Key that represents data partition 1232 in the P_Key table of end-port 1214, thereby making end-port 1214 a member of data partition 1232. The process then ends.

[0136] Figure 14 depicts the SM making two requests to the data store at steps 1404 and 1412. This depiction, however, is meant to be illustrative of the information the subnet manager can use to determine if the end-port is 1) a member of any admin partition and, if so, 2) if the admin partition that the end-port is a member of has the requested data partition associated with it. It is to be understood that requests for this information by the SM to the data store can take place in a single query of the data store, or multiple queries of the data store, and that Figure 14 is not meant to be limiting in this respect.
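The data store of Figure 13 and the decision flow of Figure 14 can be exercised against the Figure 12 topology. The following Python sketch is an added illustration and is not part of the specification; it uses an in-memory SQLite database, and the table and column names, the P_Key values, the GUID strings and the function names are constructed assumptions. It shows the two-query flow of steps 1404 to 1420, the single-query alternative mentioned in paragraph [0136], and the initialization-time grant of paragraph [0114].

```python
import sqlite3

# Tables follow Figure 13; table and column names are assumptions.
SCHEMA = """
CREATE TABLE admin_partition (pkey INTEGER PRIMARY KEY);
CREATE TABLE data_partition  (pkey INTEGER PRIMARY KEY);
CREATE TABLE guid (guid TEXT PRIMARY KEY, hca_instance_id TEXT NOT NULL);
CREATE TABLE admin_partition_data_partition (
    admin_pkey INTEGER NOT NULL REFERENCES admin_partition(pkey),
    data_pkey  INTEGER NOT NULL REFERENCES data_partition(pkey),
    PRIMARY KEY (admin_pkey, data_pkey));
CREATE TABLE admin_partition_guid (
    admin_pkey INTEGER NOT NULL REFERENCES admin_partition(pkey),
    guid       TEXT    NOT NULL REFERENCES guid(guid),
    PRIMARY KEY (admin_pkey, guid));
"""

# Constructed P_Key values, keyed by the Figure 12 reference numerals.
ADMIN_PKEY = {1230: 0x0230, 1240: 0x0240, 1250: 0x0250}
DATA_PKEY = {1232: 0x0232, 1242: 0x0242, 1252: 0x0252}
# Figure 12: HCA members of each admin partition, and associated data partitions.
MEMBERS = {1230: [1211, 1214], 1240: [1211, 1212, 1213], 1250: [1213, 1215]}
ASSOCIATED = {1230: [1232], 1240: [1242], 1250: [1252]}


def guid_of(hca):
    """Constructed GUID string for the end-port of an HCA reference numeral."""
    return f"0x{hca:016d}"


def build_store():
    """Create the in-memory data store and load the Figure 12 relationships."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO admin_partition VALUES (?)",
                     [(p,) for p in ADMIN_PKEY.values()])
    conn.executemany("INSERT INTO data_partition VALUES (?)",
                     [(p,) for p in DATA_PKEY.values()])
    conn.executemany("INSERT INTO guid VALUES (?, ?)",
                     [(guid_of(h), f"hca-{h}") for h in range(1211, 1216)])
    conn.executemany("INSERT INTO admin_partition_guid VALUES (?, ?)",
                     [(ADMIN_PKEY[a], guid_of(h)) for a, hs in MEMBERS.items() for h in hs])
    conn.executemany("INSERT INTO admin_partition_data_partition VALUES (?, ?)",
                     [(ADMIN_PKEY[a], DATA_PKEY[d]) for a, ds in ASSOCIATED.items() for d in ds])
    conn.commit()
    return conn


def admin_partitions_of(conn, guid):
    """Steps 1404-1406: admin partition P_Keys the GUID is a member of."""
    rows = conn.execute("SELECT admin_pkey FROM admin_partition_guid WHERE guid = ?", (guid,))
    return [r[0] for r in rows]


def data_partitions_for(conn, admin_pkeys):
    """Steps 1412-1414: data partition P_Keys associated with those admin partitions."""
    if not admin_pkeys:
        return set()
    marks = ",".join("?" * len(admin_pkeys))
    rows = conn.execute("SELECT data_pkey FROM admin_partition_data_partition "
                        f"WHERE admin_pkey IN ({marks})", list(admin_pkeys))
    return {r[0] for r in rows}


def request_membership(conn, pkey_tables, guid, data_pkey):
    """Figure 14 flow; pkey_tables maps GUID -> set modelling the end-port P_Key table."""
    admin_pkeys = admin_partitions_of(conn, guid)
    if not admin_pkeys:                      # step 1408 -> 1410: no admin partition
        return False
    if data_pkey not in data_partitions_for(conn, admin_pkeys):
        return False                         # step 1416 -> 1418: not associated
    pkey_tables.setdefault(guid, set()).add(data_pkey)   # step 1420
    return True


def has_access(conn, guid, data_pkey):
    """The same decision as one joined query (paragraph [0136])."""
    row = conn.execute(
        "SELECT 1 FROM admin_partition_guid g "
        "JOIN admin_partition_data_partition d ON d.admin_pkey = g.admin_pkey "
        "WHERE g.guid = ? AND d.data_pkey = ? LIMIT 1", (guid, data_pkey)).fetchone()
    return row is not None


def initialize_end_port(conn, pkey_tables, guid):
    """Paragraph [0114]: at initialization, place every associated data P_Key."""
    granted = data_partitions_for(conn, admin_partitions_of(conn, guid))
    pkey_tables[guid] = set(granted)
    return granted


if __name__ == "__main__":
    store, tables = build_store(), {}
    for hca in range(1211, 1216):
        for dp, pkey in DATA_PKEY.items():
            ok = request_membership(store, tables, guid_of(hca), pkey)
            print(f"HCA {hca} -> data partition {dp}: {'granted' if ok else 'denied'}")
```

Only data partition P_Keys reach the modelled P_Key tables; the admin partition P_Keys stay in the data store, matching the embodiment of paragraph [0111] in which admin partitions consume no P_Key table entries.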

[0137] In accordance with an embodiment, both data partitions and admin partitions can be represented by symbolic names. Referring back to Figure 13, data partition symbolic name 1306 and admin partition symbolic name 1304 can be included in the Admin Partition Association Information. Inclusion of symbolic names mapped to P_Keys of either admin partitions or data partitions can allow HCAs to request setup of data partitions by using symbolic names. A key benefit of allowing a HCA to use symbolic names as the basis for the host stack/HCA handling of partitions is that the P_Key values that represent the admin or data partitions at the subnet level, and that are mapped to the symbolic name of the partition, can be assigned at runtime, and/or can be changed in different system configurations.

[0138] For instance, and in accordance with an embodiment, a fabric host can be initialized and, as part of the initialization process, the HCA can send a request for membership in a data partition to a SM of the partition. The request for membership can be for a physical end-port or a virtual end-port (of a vHCA) associated with the HCA. The configuration driving the initialization can specify a symbolic name of the data partition for which the HCA is requesting membership, rather than a P_Key of the data partition. In this case, it is possible that the actual P_Key that will represent the data partition has not yet been generated in the subnet (e.g., the data partition P_Key 1314 field can be empty or null at the time of the request). The SM can generate the P_Key at the time of the request, and populate the Admin Partition Association Information with the generated P_Key. Moreover, a P_Key representing a partition can be dynamically changed without the need for reconfiguration at the host level. For instance, in the case of a fabric-level subnet merge, or other intrusive reconstruction of the fabric, where existing P_Key values may have to be changed (e.g., to avoid duplication), the SM could simply assign new P_Key values to the Admin Partition Association Information. These new P_Keys can then be pushed to the hosts by determining, through a querying of the Admin Partition Association Information data store, which hosts should receive the updated P_Keys.

[0139] In accordance with an embodiment, it is not necessary that the symbolic name used to specify a data partition be unique throughout the fabric, or even throughout the subnet. It is sufficient that the symbolic name be unique with respect to the set of all admin partitions that any given HCA is a member of - that is, the symbolic name can only be associated with a single data partition within the set of data partitions associated with all admin partitions that the HCA or end-port is a member of. In this way, similarly configured nodes (i.e., nodes configured to request data partition membership using a same symbolic partition name) that are members of different admin partitions may request membership in a data partition using a same well-defined symbolic name, but the mapping to the actual data partition P_Key value will be defined as a function of both the admin partition and the symbolic name. Hence, individual nodes can have the same basic configuration in terms of which data partition symbolic name they will request membership in, but the admin partition associations of each end-node or HCA will determine which data partitions these names actually map to.
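The symbolic-name scheme of paragraphs [0137] to [0139] can be illustrated by resolving a name as a function of the requester's admin partitions. The following Python sketch is an added illustration and is not part of the specification; the class and method names, the GUID strings, the P_Key values, the first-free allocation policy and the tracking of granted members per data partition are assumptions. It shows identically configured nodes mapping the same name to different P_Keys, a P_Key generated at the time of the first request, rejection of an ambiguous name, and a P_Key change that is pushed only to the affected end-ports.

```python
from dataclasses import dataclass, field
from typing import Optional


class AccessDenied(Exception):
    """No data partition of that name is associated with the requester's admin partitions."""


class AmbiguousName(Exception):
    """The name maps to more than one data partition for this requester."""


@dataclass(eq=False)                      # identity semantics: two partitions may share a name
class DataPartition:
    symbolic_name: str
    pkey: Optional[int] = None            # None until generated in the subnet
    members: set = field(default_factory=set)   # GUIDs granted membership (assumption)


class AdminPartitionRegistry:
    def __init__(self):
        self.admin_members = {}           # admin P_Key -> set of member GUIDs
        self.admin_data = {}              # admin P_Key -> associated DataPartition objects
        self.pkey_tables = {}             # GUID -> set modelling the end-port P_Key table
        self.used = set()                 # P_Key base values already assigned

    def add_admin_partition(self, admin_pkey, members, data):
        self.admin_members[admin_pkey] = set(members)
        self.admin_data[admin_pkey] = list(data)
        self.used.add(admin_pkey)

    def allocate_pkey(self):
        """First free 15-bit base value; 0x7FFF (default partition) is never handed out."""
        for base in range(0x0001, 0x7FFF):
            if base not in self.used:
                self.used.add(base)
                return base
        raise RuntimeError("P_Key space exhausted")

    def request_by_name(self, guid, name):
        """Resolve (admin partitions of guid, name) to one data partition and grant it."""
        matches = {dp
                   for ap, guids in self.admin_members.items() if guid in guids
                   for dp in self.admin_data[ap] if dp.symbolic_name == name}
        if not matches:
            raise AccessDenied(f"{guid}: no accessible data partition named {name!r}")
        if len(matches) > 1:
            raise AmbiguousName(f"{guid}: {name!r} is not unique across its admin partitions")
        dp = matches.pop()
        if dp.pkey is None:               # P_Key not yet generated: assign at request time
            dp.pkey = self.allocate_pkey()
        dp.members.add(guid)
        self.pkey_tables.setdefault(guid, set()).add(dp.pkey)
        return dp.pkey

    def rekey(self, dp, new_pkey):
        """Change a data partition's P_Key; return the GUIDs that must receive the update."""
        if not 0x0001 <= new_pkey < 0x7FFF or new_pkey in self.used:
            raise ValueError(f"P_Key {new_pkey:#06x} is not available")
        old = dp.pkey
        self.used.discard(old)
        self.used.add(new_pkey)
        dp.pkey = new_pkey
        for guid in dp.members:
            table = self.pkey_tables[guid]
            table.discard(old)
            table.add(new_pkey)
        return set(dp.members)


def build_example():
    """Two constructed admin partitions, each with its own data partition named 'storage'."""
    reg = AdminPartitionRegistry()
    storage_a, storage_b = DataPartition("storage"), DataPartition("storage")
    reg.add_admin_partition(0x0A01, {"guid-a1", "guid-a2", "guid-ab"}, [storage_a])
    reg.add_admin_partition(0x0B01, {"guid-b1", "guid-ab"}, [storage_b])
    return reg, storage_a, storage_b


if __name__ == "__main__":
    reg, storage_a, storage_b = build_example()
    for guid in ("guid-a1", "guid-b1", "guid-a2", "guid-ab", "guid-none"):
        try:
            print(guid, "->", hex(reg.request_by_name(guid, "storage")))
        except (AccessDenied, AmbiguousName) as err:
            print(guid, "-> rejected:", err)
    print("push new P_Key to:", sorted(reg.rekey(storage_a, 0x0123)))
```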

[0140] Figure 15A and Figure 15B show a flowchart for dynamically assigning membership in a partition, in accordance with an embodiment.

[0141] At step 1512, a subnet manager is provided within the subnet, where the subnet manager is configured to operate within a subnet of a network fabric, the subnet including a plurality of nodes, and the plurality of nodes including at least one switch and a plurality of end-nodes, and where the subnet manager executes on one of the plurality of nodes.

[0142] At step 1514, a data store is provided within the fabric, wherein the data store is accessible by the subnet manager.

[0143] At step 1516, the data store is configured to hold a first P_Key that identifies a first partition, a second P_Key that identifies a second partition, and a subnet-unique end-port identifier.

[0144] At step 1518, the data store is further configured to maintain a first relationship between the first P_Key and the second P_Key, and a second relationship between the first P_Key and the subnet-unique end-port identifier.

[0145] At step 1520, the subnet manager receives, from a host channel adapter (HCA) of a requesting end-node of the plurality of end-nodes, a request for membership for an end-port of the HCA of the requesting node in the second partition, where the request comprises an identifier of the second partition, and the subnet-unique end-port identifier, and where the end-port of the HCA is uniquely identified in the subnet by the subnet-unique end-port identifier.

[0146] At step 1522, the subnet manager requests, from the data store, a first list of P_Keys related to the subnet-unique end-port identifier.

[0147] At step 1524, the subnet manager receives, from the data store, the first P_Key.

[0148] At step 1526, the subnet manager requests from the data store a second list of P_Keys related to the first P_Key.

[0149] At step 1528, the subnet manager receives from the data store the second P_Key.

[0150] At step 1530, the subnet manager populates a P_Key table of the end-port of the HCA with the second P_Key.

Admin Partition to HCA Associations



[0151] In accordance with an embodiment, admin partitions can also be used to determine whether a vHCA can be registered with the virtual function of a physical HCA. A vHCA describes a host channel adapter which is planned and configured for a specific virtual machine (VM), in accordance with an embodiment. A vHCA differs from a virtual function (VF) in that a vHCA migrates with a VM, while a VF stays with the physical adapter. As discussed above, however, both physical HCAs and vHCAs (and, at a lower level, the end-ports of these (v)HCAs) can be members of admin partitions. Thus, in accordance with an embodiment, admin partition membership can be used by the SM to determine whether a request from a physical HCA to register a vHCA with a virtual function of the requesting physical HCA is permissible.

[0152] Figure 16 shows an exemplary network fabric having HCAs and vHCAs as members of admin partitions, in accordance with an embodiment. As shown in Figure 16, subnet 1602 is part of network fabric 1600. HCA 1610, 1624, 1632, and 1644 represent physical HCAs physically connected through their respective end-ports to network fabric 1600 in subnet 1602. HCA 1610 is associated with physical function (PF) 1612 and with virtual functions (VFs) 1614 and 1616. HCA 1624 is associated with PF 1626 and with VFs 1628 and 1629. HCA 1632 is associated with PF 1634 and with VFs 1636 and 1638. HCA 1644 is associated with PF 1646 and with VFs 1648 and 1649. Further, vHCA 1620 is depicted as registered with VF 1614, and associated with virtual machine (VM) 1618 (i.e., VM 1618 obtains access to network fabric 1600 through vHCA 1620, and ultimately through physical HCA 1610). vHCA 1640 is registered with VF 1637, and associated with VM 1638.

[0153] With continued reference to Figure 16, as shown, HCAs 1610 and 1624, and vHCA 1620 are members of admin partition 1650. Additionally, HCA 1632 and 1644, and vHCA 1640 are members of admin partition 1660. Consequently, vHCA 1620 can be legally registered with VF 1614 or 1616 of HCA 1610, or with VF 1628 or 1629 of HCA 1624, by virtue of the fact that HCA 1610 and 1624, and vHCA 1620 are each members of admin partition 1650. Similarly, vHCA 1640 can be legally registered with VF 1636 or 1638 of HCA 1630, or with VF 1648 or 1649 of HCA 1644, by virtue of the fact that HCA 1632 and 1624, and vHCA 1640 are each members of admin partition 1660.

[0154] As noted above, the fabric-level fabric database holds information related to the fabric and fabric resources, and is managed by the fabric manager. In accordance with an embodiment, the fabric database can have "complete knowledge" of the fabric resource inventory (i.e., every resource that is a part of the network fabric is represented, at least, by a record held in the fabric database). Further, the access rights and name spaces associated with each resource in the fabric can be either stored in the fabric database, or derived from information and relationships contained in the fabric database.

[0155] For example, in accordance with an embodiment, information pertaining to admin partition membership and/or resource association with an admin partition can be stored in the fabric database. The tables holding this information and the relationships that link these tables together can be a subset of the fabric database, and can be referred to as the admin partition registry. In accordance with an embodiment, the admin partition registry is a collection of admin partition group resources. For example, an admin partition group within the admin partition registry can be a collection of HCA members (including vHCAs) and associated resources of a particular admin partition, where the group is looked up by the P_Key that defines the particular admin partition. Moreover, admin partition group members and associated resources can be looked up in the registry using keys such as GUID or vGUID for member HCAs or vHCAs, respectively, or P_Keys for associated data partitions. Relationships between the P_Key of an admin partition and the unique identifier of members or associated resources define membership or association, respectively, in the admin partition, and are maintained by the admin partition registry, and by the fabric database, at a higher level.

[0156] In accordance with an embodiment, all or part of the admin partition registry may be held as records in a cache of the SM. For instance, records of the admin partition registry that correspond to resources of a particular subnet can be duplicated in a cache in a resident memory of a subnet manager (e.g., the master subnet manager) of the particular subnet. The admin partition registry records can either be retrieved (i.e., copied) from the fabric database by the SM (e.g., when the SM boots), or be placed in the cache before they are persisted to the fabric database. The cache can be a volatile or non-volatile memory. Regardless of when the registry records are placed in the cache, synchronization can then occur between the cached copy of the admin partition registry and the copy of the admin partition registry found in a fabric-level database.

[0157] By holding all, or a subnet-relevant part, of the admin partition registry in a high-speed cache on the SM, rather than retrieving admin partition information from a persisted state (i.e., from the fabric database) every time a query is received, the lookup of admin partition information can impose minimal overhead on the SM. This can be especially important during subnet initialization, when access rights among subnet resources are being automatically assigned.

[0158] In accordance with an embodiment, logical names or identifiers can be assigned to resources within a resource domain (by, e.g., the fabric-level or domain-level admin user). These logical names can be private to the resource domain. The fabric manager, through the fabric database, can create relationships that map unique identifiers used within the fabric (e.g., vGUIDs and P_Keys) to logical or symbolic names given to resources within the fabric.

[0159] For instance, the fabric database, in accordance with an embodiment, can store records of resources, and domain membership and/or admin partition membership of resources. Logical names can be assigned to the resources upon discovery of the resources by the fabric manager. These names can be linked to the unique identifiers of the fabric resources in the fabric database. Moreover, the fabric manager can keep track of each resource's membership in resource domains and admin partitions through a relationship in the fabric manager database. With these records and relationships, the fabric manager can allow like logical names across disparate resource domains and admin partitions. In accordance with an embodiment, the logical domain name scheme can reflect the hierarchy of the resource domain or domains that a particular domain resource is a member of. In such an embodiment, logical resource names can be unique to the highest level resource domain that the resource is a member of.

[0160] In accordance with an embodiment, the identifier of a resource in the fabric - regardless of what the identifier is - can be unique within the scope of the admin partition. Then, global uniqueness (i.e., at the fabric level) can be achieved by prefixing the resource name with the corresponding admin partition.

[0161] Figure 17 shows an exemplary network fabric having both resource domains and admin partitions, in accordance with an embodiment. As shown in Figure 17, fabric manager 1702 is executing on network fabric 1700. In accordance with an embodiment, fabric manager 1702 can execute from a node (not shown) of network fabric 1700. Fabric manager 1702 is administered by fabric-level administrator 1704, and includes fabric manager database 1714. Admin partition registry 1716 is part of fabric manager database 1714, as is a logical name table 1718.

[0162] With continued reference to Figure 17, subnet 1720 is defined within network fabric 1700. Subnet manager 1722 is associated with subnet 1720, and, in accordance with an embodiment, performs the semantic runtime operations required by subnet 1720 for operation in network fabric 1700. Setup and administrative tasks required by subnet 1720 can be performed by fabric-level administrator 1704 and fabric manager 1702.

[0163] Nodes 1744, 1754, 1774 and 1784 are part of subnet 1720. HCA 1746 is associated with node 1744, and includes PF 1748 and VFs 1750 and 1752. Similarly, HCA 1756 is associated with node 1754, and includes PF 1758 and VFs 1760 and 1762. HCA 1776 is associated with node 1774, and includes PF 1778 and VFs 1780 and 1782. Further, HCA 1786 is associated with node 1784, and includes PF 1788 and VFs 1790 and 1792. VM 1740 is executing on node 1744, and VM 1770 is executing on node 1774. vHCA 1742 has been planned and configured for VM 1740, is associated with VM 1740, and is registered with virtual function 1752 of HCA 1746. vHCA 1772 has been planned and configured for VM 1770, is associated with VM 1770, and is registered with virtual function 1782 of HCA 1776.

[0164] In accordance with an embodiment, HCAs 1746, 1756, 1776, and 1786 are considered domain resources, and a record of each is stored in fabric manager database 1714. The record can include an identifier, such as a GUID, which is used to identify the HCA resource in the fabric. Further, vHCAs 1742 and 1772 are also considered domain resources, and a record of each is stored in fabric manager database 1714. The record can include an identifier, such as a GUID, which is used to identify the vHCA.

[0165] With further reference to Figure 17, and in accordance with an embodiment, resource domain 1710 and resource domain 1712 have been created within fabric manager 1702. In accordance with an embodiment, fabric-level administrator 1704 is responsible for the creation of resource domain 1710 and resource domain 1712. Additionally, domain admin 1706 is a domain-level administrator associated with resource domain 1710. Likewise, domain admin 1708 is a domain-level administrator associated with resource domain 1712. In accordance with an embodiment, fabric-level administrator 1704 can create domain admins 1706 and 1708, as admins of their respective resource domains, adhering to the hierarchical nature of resource domains.

[0166] In accordance with an embodiment, admin partition 1724 and admin partition 1726 have been defined in subnet 1720. Admin partition 1724 is associated with resource domain 1710, and admin partition 1726 is associated with resource domain 1712.

[0167] As shown in Figure 17, vHCA 1742 and HCAs 1746 and 1756 are members of resource domain 1710. In accordance with an embodiment, because admin partition 1724 is associated with resource domain 1710, when vHCA 1742 and HCAs 1746 and 1756 are added as members of resource domain 1710, they also become members of admin partition 1724, and a relationship is created in admin partition registry 1716 between the P_Key defining admin partition 1724 and the identifiers of HCAs 1746 and 1756, and vHCA 1742. In accordance with an embodiment, this relationship defines HCAs 1746 and 1756, and vHCA 1742 as members of admin partition 1724.

[0168] Likewise, vHCA 1772 and HCAs 1776 and 1786 are members of resource domain 1712. In accordance with an embodiment, because admin partition 1726 is associated with resource domain 1710, when vHCA 1772 and HCAs 1766 and 1786 are added as members of resource domain 1712, they also become members of admin partition 1726, and a relationship is created in admin partition registry 1716 between the P_Key defining admin partition 1726 and the identifiers of HCAs 1776 and 1786, and vHCA 1772. In accordance with an embodiment, this relationship defines HCAs 1776 and 1786, and vHCA 1772 as members of admin partition 1726.

[0169] As noted above, VM 1740 (including vHCA 1742), node 1744 (including HCA 1746) and node 1754 (including HCA 1756) are members of resource domain 1710, in accordance with an embodiment. In an embodiment of the invention, fabric-level administrator 1704 is responsible for adding node 1744 and node 1754 to resource domain 1710. For example, fabric-level administrator 1704 can, through the interface of fabric manager 1702, add nodes 1744 and 1754 to resource domain 1710. Once fabric-level administrator 1704 has added nodes 1744 and 1754 to resource domain 1710, domain admin 1706 can perform administrative tasks on nodes 1744 and 1754. In keeping with the hierarchical scheme of resource domains, however, domain admin 1706 could not perform administrative tasks on nodes 1744 and 1754 before they were added to resource domain 1710 (i.e., while they were members of the higher-level default domain (not shown)). Further, in accordance with an embodiment, domain admin 1708 cannot perform administrative tasks on nodes 1744 and 1754, because nodes 1744 and 1754 are members of a parallel-level resource domain that domain admin 1708 is not associated with.

[0170] With continued reference to Figure 17, and in accordance with an embodiment, admin partitions 1724 and 1726 have been defined within subnet 1720. In keeping with the hierarchical scheme of resource domains, in one embodiment admin partitions 1724 and 1726 were defined by fabric-level administrator 1704. In another embodiment, domain admin 1706 defined admin partition 1724, and domain admin 1708 defined admin partition 1726. In accordance with an embodiment, admin partition 1724 is associated with resource domain 1710, and admin partition 1726 is associated with resource domain 1712. As discussed above, admin partitions 1724 and 1726 represent resource domains 1710 and 1712, respectively, at the subnet level, in accordance with an embodiment. In addition to being associated with their respective resource domains, admin partitions 1724 and 1726 are associated with domain admins 1706 and 1708, respectively (i.e., the corresponding admin user of the resource domains each of the admin partitions is associated with). As noted above, this association between admin partitions and domain-level admins can ensure user-role separation in multi-tenant environments at the subnet level, in accordance with an embodiment.

[0171] Data partitions 1728 and 1730 have been defined in subnet 1720, in accordance with an embodiment. In keeping with the hierarchical scheme of resource domains, in one embodiment data partitions 1728 and 1730 were defined by fabric-level administrator 1704. In another embodiment, domain admin 1706 defined data partition 1728, and domain admin 1708 defined data partition 1730. As shown in Figure 17, data partition 1728 is associated with admin partition 1724, and data partition 1730 is associated with admin partition 1726. Moreover, as noted above and shown in Figure 17, HCAs 1746 and 1756 and vHCA 1742 are members of admin partition 1724. Consequently, in accordance with an embodiment, HCAs 1746 and 1756 and vHCA 1742 have access permissions to data partition 1728 because they are members of an admin partition (i.e., admin partition 1724) that data partition 1728 is associated with.

[0172] In accordance with an embodiment, when data partition 1728 is associated with admin partition 1724, a relationship between the identifier of data partition 1728 (e.g., the P_Key of data partition 1728) and the P_Key of admin partition 1724 is created in the admin partition registry 1716. This relationship defines data partition 1728 as associated with admin partition 1724. Likewise, when data partition 1730 is associated with admin partition 1726 a relationship between the identifier of data partition 1730 (e.g., the P_Key of data partition 1730) and the P_Key of admin partition 1726 is created in the admin partition registry 1716. This relationship defines data partition 1730 as associated with admin partition 1726.

[0173] In accordance with an embodiment, if a request were received from either of HCAs 1746 and 1756 or vHCA 1742 to join data partition 1728, SM 1722 could check with admin partition registry 1716, and find that HCAs 1746 and 1756 and vHCA 1742 are members of admin partition 1724, and that data partition 1728 is associated with admin partition 1724. Then, SM 1722 could allow HCAs 1746 and 1756 and vHCA 1742 to become members of data partition 1728 based on HCAs 1746 and 1756 and vHCA 1742 being members of admin partition 1724 and data partition 1728 being associated with admin partition 1724. No manual mapping from either fabric-level administrator 1704 or domain-level administrator 1706 would be necessary to allow HCAs 1746 and 1756 and vHCA 1742 to join data partition 1728.

[0174] Moreover, vHCA 1742 can be registered with either of VF 1752 or 1750 of HCA 1746, or either of VF 1762 or 1760 of HCA 1756, because HCAs 1746 and 1756 and vHCA 1742 are members of admin partition 1724 (vHCA 1742 is depicted as registered with VF 1752). Here again, SM 1722 could check with admin partition registry 1716, and find that HCAs 1746 and 1756 and vHCA 1742 are members of admin partition 1724. Upon finding that HCAs 1746 and 1756 and vHCA 1742 are members of admin partition 1724, SM 1722 could allow registration of vHCA 1742 with any of VFs 1752, 1750, 1762, and 1760 without intervention from any fabric user.

[0175] Figure 18 is a flowchart for correlating resource domain membership with an admin partition membership, in accordance with an embodiment.

[0176] At step 1810, a resource domain is created within the network fabric.

[0177] At step 1820, an admin partition is created within a subnet of the network fabric.

[0178] At step 1830, the resource domain is associated with the admin partition.

[0179] At step 1840, fabric resources are added to the resource domain as members of the resource domain, and the fabric manager correlates the resource membership at the resource domain with membership in the admin partition by making all members of the resource domain also members of the admin partition.

[0180] Figure 19 is a detailed flowchart for a method of correlating resource group membership with admin partition membership using a fabric-level database, in accordance with an embodiment.

[0181] At step 1910, a resource domain is created at the fabric level of the network, where the resource domain is a logical grouping of fabric resources.

[0182] At step 1920, an admin partition is created in a subnet of the network, wherein the admin partition is defined by a first P_Key, and wherein the first P_Key is unique throughout the subnet.

[0183] At step 1930, a fabric-level database is provided and the first P_Key is stored in the fabric-level database.

[0184] At step 1940, the resource domain is associated with the admin partition.

[0185] At step 1950, a first fabric resource is added to the resource domain, wherein the first fabric resource is identified by a first identifier, wherein the first identifier is stored in the fabric-level database, wherein the adding the first fabric resource to the resource domain creates a first relationship through the fabric-level database between the first identifier and the P_Key that defines the admin partition, and wherein the first relationship defines the first fabric resource as a member of the admin partition.

[0186] At step 1960, a second fabric resource is added to the resource domain, wherein the second fabric resource is identified by a second identifier, wherein the second identifier is stored in the fabric-level database, wherein the adding the second fabric resource to the resource domain creates a second relationship through the fabric-level database between the second identifier and the P_Key that defines the admin partition, and wherein the second relationship defines the second fabric resource as a member of the admin partition.

[0187] At step 1970, a determination is made that the first domain resource and the second domain resource are members of the admin partition.

[0188] At step 1980, access rights are granted that the first domain resource and the second domain resource are members of the admin partition.

Admin Partition Membership Defined by Switch Connectivity



[0189] As outlined above, an admin partition represents a grouping of subnet resources that can be used by the set of hosts that have host channel adapters (either physical or virtual) that are members of that admin partition. Because an admin partition groups admin partition members in a pre-defined relationship that grants access to subnet resources, an administrator does not have to grant access to individual hosts (i.e., individual host channel adapters, or end-ports thereof) at the time, or prior to the time access is needed. Rather, the member's ability to access the resource is recognized by virtue of membership in the admin partition, and the proper steps to allow such access can be automated (e.g., adding the P_Key of a data partition that is associated with an admin partition to the P_Key table of an HCA that is a member of the admin partition).

[0190] In accordance with an embodiment, the adding of HCAs as members of an admin partition can also be automated based on the physical switch that the HCA is connected to. Host membership based on switch connectivity has advantages in certain system deployments. For example, certain high performance computing systems can be provisioned as "engineered systems" (ESs). Such engineered systems can include a plurality of components arranged to achieve a certain computing function. Because these components are parts of a larger system engineered to operate in conjunction with each other to achieve a certain function, it can be safely assumed that hosts included in the ES should have access rights to resources also included in the ES. It can then further be assumed that a domain global admin partition (i.e., an admin partition that all subnet resources are associated with, and that each HCA is a member of, such that each resource has access to each other resource within the subnet) is desirable.

[0191] Because an engineered system instance is often designed as one or more racks having several physical servers connected to one or more pairs of leaf switches, provisioning of domain global admin partition membership of HCAs deployed in the ES can be defined by the leaf switches of the ES, in accordance with an embodiment. By defining that a specific leaf switch represents (or is associated with) a specific admin partition, then all HCAs directly connected to the leaf switch can automatically be associated with the admin partition represented by the leaf switch. Thus, each HCA implemented in the ES can be included in a domain global admin partition based on switch connectivity, so long as each switch in the ES is configured as associated with the same relevant admin partition information.

[0192] In accordance with an embodiment, configuration information on a leaf switch can define the associated admin partition. For instance, a switch can have one or more configuration variables whose value(s) define the associated admin partition. These configuration variables can hold values such as the logical name of the associated admin partition, and/or the P_Key of the associated admin partition. These configuration variables (i.e., configuration properties) can be included as part of a larger switch configuration (e.g., along with host name, IP addresses, and other settings necessary for operation) that can be backed up and restored if the switch is replaced.

[0193] Figure 20 shows host channel adapters as members of an admin partition based on switch connectivity, in accordance with an embodiment. Figure 20 depicts an engineered system (ES) as a single rack 2000. ES rack 2000 contains HCAs 2002-2005, and leaf switches 2010 and 2020. HCAs 2002 and 2003 are connected to leaf switch 2010, and HCAs 2004 and 2005 are connected to leaf switch 2020. Leaf switches 2010 and 2020 connect to IB fabric 2062. The SM for the IB subnet that the ES rack 2000 is part of (not shown) can execute on either switch 2010 or 2020, or on another node in the subnet.

[0194] Leaf switch 2010 contains switch configuration (config) 2012 and switch 2020 contains switch configuration (config) 2022. Switch configs 2012 and 2022 both can hold configuration properties and can be backed up and restored. Switch configs 2012 and 2022 associate switches 2010 and 2020, respectively, with admin partition 2050 through properties held in the respective switch configs. As a result of being physically connected to either leaf switch 2010 or leaf switch 2020, HCAs 2002-2005 are automatically recorded as members of admin partition 2050 in the admin partition registry (not shown) of the fabric database (also not shown) of IB fabric 2062.

[0195] In accordance with an embodiment, when leaf-switch properties define default admin partition membership, the SM can discover or be informed about the switch being associated with a particular admin partition (e.g., admin partition 2050). For instance, the switches 2010 and 2020 can expose the config properties that specify if there is a default (e.g., a domain global) admin partition associated with the switch as readable SMA attributes. The SM can then read the properties on a sweep of the subnet. Alternatively, the SMA of the switches may send the properties to the SM as trap messages. The SM can also discover or be informed about which HCAs are directly connected to the leaf switches. Once the SM has obtained the properties specifying the admin partition the switch is associated with, and the list of HCAs directly connected to the switches, the SM can be responsible for making the required correlations between connected HCAs and the switch-associated admin partition, and forwarding the admin partition membership information to the admin partition registry.

[0196] In accordance with an embodiment, admin partition membership based on switch connectivity can reduce administrative overhead by eliminating the need to specify a P_Key value for an admin partition associated with a leaf switch, except for when the partition is defined. Moreover, GUIDs for member HCAs do not need to be specified at the time the admin partition is created or when a new HCA is added to the system, and can be discovered and added as members of the admin partition dynamically by the SM.

[0197] For instance, an admin partition can be defined with a P_Key and a logical name in the admin partition registry. Upon initialization of the subnet, the SM will obtain the logical name of the partition from a switch that is associated with the partition, and will also receive a list of HCAs that are directly connected to the switch. The list of HCAs can be in the form of a list of GUIDs corresponding to each HCA directly connected to the switch. The SM can forward the list of GUIDs and the logical name of the partition to the admin partition registry, where the logical name of the admin partition can be used as a lookup parameter to find the P_Key of the admin partition. Then the admin partition registry can be updated by relating each GUID in the forwarded list to the found P_Key of the admin partition, thus making each corresponding HCA a member of the admin partition, in accordance with an embodiment.

[0198] Because, in the above scenario, the admin partition P_Key can be looked up in the admin partition registry using its logical name, the switches need only be configured with the admin partition's logical name. If there is a switch failure, the failed switch can be replaced, and the switch config can be restored to the replacement switch, causing minimum administrator overhead.

[0199] In accordance with an embodiment, once the admin partition registry is updated with the GUIDs of the HCAs directly connected to the switch, the admin partition registry can be automatically queried (by, e.g., the SM) to retrieve any data partitions that are associated with the admin partition. The query can return the P_Keys of any data partitions that are associated with the admin partition and these P_Keys can be loaded into the P_Key tables of each HCA directly connected to any switch that is associated with the admin partition. In this way, access to data partitions can be planned and provisioned with minimum administrative effort.
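The registry lookups of paragraphs [0173] and [0197]-[0199], sketched as an added Python example that is not taken from the patent or from any Oracle implementation. The class and method names, the `admin_partition_name` switch config key, and every GUID and P_Key value are hypothetical and constructed for illustration; unknown requesters and undefined partition names are refused rather than enrolled.

```python
from collections import defaultdict


class AdminPartitionRegistry:
    """In-memory stand-in for the admin partition registry (hypothetical model)."""

    def __init__(self):
        self.pkey_by_name = {}              # logical name -> admin partition P_Key
        self.members = defaultdict(set)     # admin P_Key -> member GUIDs / vGUIDs
        self.data_pkeys = defaultdict(set)  # admin P_Key -> associated data P_Keys

    def define_admin_partition(self, name, pkey):
        # An admin partition is defined once, with a P_Key unique in the subnet.
        if name in self.pkey_by_name or pkey in self.pkey_by_name.values():
            raise ValueError("admin partition name and P_Key must be unique")
        self.pkey_by_name[name] = pkey

    def _require(self, admin_pkey):
        if admin_pkey not in self.pkey_by_name.values():
            raise KeyError(f"undefined admin partition P_Key {admin_pkey:#06x}")

    def add_member(self, admin_pkey, guid):
        self._require(admin_pkey)
        self.members[admin_pkey].add(guid)

    def associate_data_partition(self, admin_pkey, data_pkey):
        self._require(admin_pkey)
        self.data_pkeys[admin_pkey].add(data_pkey)

    def admin_pkeys_of(self, guid):
        return {pkey for pkey, guids in self.members.items() if guid in guids}

    def data_pkeys_of(self, admin_pkey):
        return set(self.data_pkeys.get(admin_pkey, ()))


class SubnetManager:
    def __init__(self, registry):
        self.registry = registry
        self.pkey_tables = defaultdict(set)  # GUID -> P_Keys loaded on that end-port

    def handle_join(self, guid, data_pkey):
        """[0173]: permit a join only when the requester belongs to an admin
        partition that the data partition is associated with."""
        for admin_pkey in self.registry.admin_pkeys_of(guid):
            if data_pkey in self.registry.data_pkeys_of(admin_pkey):
                self.pkey_tables[guid].add(data_pkey)
                return True
        return False  # default deny: unknown GUID or unrelated data partition

    def enroll_from_switch(self, switch_config, connected_guids):
        """[0197]-[0199]: resolve the switch's logical partition name to a P_Key,
        relate each directly connected GUID to it, then load the associated
        data-partition P_Keys into each HCA's P_Key table."""
        name = switch_config.get("admin_partition_name")  # hypothetical key
        if name is None:
            return set()  # switch carries no default admin partition
        admin_pkey = self.registry.pkey_by_name.get(name)
        if admin_pkey is None:
            # Fail closed: a name missing from the registry enrolls nobody.
            raise LookupError(f"switch names undefined admin partition {name!r}")
        data = self.registry.data_pkeys_of(admin_pkey)
        for guid in connected_guids:
            self.registry.add_member(admin_pkey, guid)
            self.pkey_tables[guid] |= data
        return data


def demo():
    """Constructed scenario shaped like Figure 20: two leaf switches, four HCAs."""
    reg = AdminPartitionRegistry()
    reg.define_admin_partition("ap-2050", 0x8050)    # constructed P_Keys
    reg.define_admin_partition("ap-other", 0x8051)
    reg.associate_data_partition(0x8050, 0x8100)
    reg.associate_data_partition(0x8051, 0x8200)
    sm = SubnetManager(reg)
    config = {"admin_partition_name": "ap-2050"}     # same on both leaf switches
    sm.enroll_from_switch(config, ["guid-2002", "guid-2003"])
    sm.enroll_from_switch(config, ["guid-2004", "guid-2005"])
    return reg, sm


if __name__ == "__main__":
    reg, sm = demo()
    print(sorted(reg.members[0x8050]))
    print(sm.handle_join("guid-2002", 0x8100), sm.handle_join("guid-2002", 0x8200))
```

Because enrollment keys off connectivity and a restorable switch config, both the config value and the list of directly connected GUIDs act as access-control inputs and are worth auditing alongside the registry itself.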

[0200] Figure 21 is a flow chart for assigning admin partition membership to host channel adapters based on switch connectivity, in accordance with an embodiment.

[0201] At step 2110, an admin partition is created.

[0202] At step 2120, the admin partition is associated with a switch.

[0203] At step 2130, a determination is made as to which HCAs are directly connected to the switch.

[0204] At step 2140, each HCA determined to be directly connected to the switch is made a member of the admin partition associated with the switch.

[0205] Figure 22 is a detailed flow chart for assigning admin partition membership to host channel adapters based on switch connectivity, in accordance with an embodiment.

[0206] At step 2210, an admin partition for use in a subnet of a network fabric is created, where the admin partition is defined by a P_Key that is unique within the subnet, and where the P_Key is stored in an admin partition registry that is accessible from the subnet.

[0207] At step 2220, a subnet manager that executes from a node within the subnet is provided.

[0208] At step 2230, information that a subnet switch is associated with the admin partition is obtained by the subnet manager.

[0209] At step 2240, a list of identifiers (IDs) is received by the subnet manager, each identifier corresponding to a host channel adapter that is directly connected to the subnet switch.

[0210] At step 2250, each of the IDs from the list is added to the admin partition registry.

[0211] At step 2260, a relationship is created in the admin partition registry between each of the added IDs and the P_Key.

[0212] In accordance with an embodiment, a method of dynamically assigning membership in a partition, comprises providing a subnet manager configured to operate within a subnet of a network fabric, wherein the subnet includes a plurality of nodes, and wherein the plurality of nodes includes at least one switch and a plurality of end-nodes, and wherein the subnet manager executes on one of the plurality of nodes; providing a data store within the fabric, wherein the data store is accessible by the subnet manager; configuring the data store to hold a first partition key (P_Key) that identifies a first partition, a second P_Key that identifies a second partition, and a subnet-unique end-port identifier; further configuring the data store to maintain a first relationship between the first P_Key and the second P_Key, and a second relationship between the first P_Key and the subnet-unique end-port identifier; receiving, by the subnet manager, and from a host channel adapter (HCA) of a requesting end-node of the plurality of end-nodes, a request for membership for an end-port of the HCA of the requesting node in the second partition, the request comprises an identifier of the second partition, and the subnet-unique end-port identifier, wherein the end-port of the HCA is uniquely identified in the subnet by the subnet-unique end-port identifier; requesting, from the data store, and by the subnet manager, a first list of P_Keys related to the subnet-unique end-port identifier; receiving, by the subnet manager, and from the data store, the first P_Key; requesting, from the data store, and by the subnet manager, a second list of P_Keys related to the first P_Key; receiving, by the subnet manager, and from the data store, the second P_Key; populating, by the subnet manager, a P_Key table of the end-port of the HCA with the second P_Key.

[0213] In accordance with an embodiment, in the above method the first partition is associated with an attribute that identifies the first partition as an admin partition within the subnet.

[0214] In accordance with an embodiment, in the above method the identifier of the second partition is the second P_Key that identifies the second partition.

[0215] In accordance with an embodiment, the above method further comprises configuring the data store to hold a symbolic name of the second partition; and configuring the data store to maintain a third relationship between the symbolic name of the second partition and the second P_Key that identifies the second partition.

[0216] In accordance with an embodiment, in the above method the identifier of the second partition is the symbolic name of the second partition.

[0217] In accordance with an embodiment, the above method comprises requesting, from the data store, and by the subnet manager, the symbolic name of the second partition related to the second P_Key that identifies the second partition; and receiving, by the subnet manager, and from the data store, the symbolic name of the second partition.

[0218] In accordance with an embodiment, in the above method the data store comprises records held in a random access memory of the subnet manager.

[0219] In accordance with an embodiment, a system for dynamically assigning membership in a partition, the system comprises a subnet manager configured to operate within a subnet of a network fabric, wherein the subnet includes a plurality of nodes, and wherein the plurality of nodes includes at least one switch and a plurality of end-nodes, and wherein the subnet manager executes on one of the plurality of nodes; a data store within the fabric, wherein the data store is accessible by the subnet manager, and wherein the data store is configured to: store a first partition key (P_Key) that identifies a first partition, a second P_Key that identifies a second partition, and a subnet-unique end-port identifier; and maintain a first relationship between the first P_Key and the second P_Key, and a second relationship between the first P_Key and the subnet-unique end-port identifier; and wherein the subnet manager is configured to: receive from a host channel adapter (HCA) of a requesting end-node of the plurality of end-nodes, a request for membership for an end-port of the HCA of the requesting node in the second partition, the request comprises an identifier of the second partition, and the subnet-unique end-port identifier, wherein the end-port of the HCA is uniquely identified in the subnet by the subnet-unique end-port identifier; request, from the data store, a first list of P_Keys related to the subnet-unique end-port identifier; receive, from the data store, the first P_Key; request, from the data store, a second list of P_Keys related to the first P_Key; receive, from the data store, the second P_Key; populate a P_Key table of the end-port of the HCA with the second P_Key.

[0220] In accordance with an embodiment, in the above system the first partition is associated with an attribute that identifies the first partition as an admin partition within the subnet.

[0221] In accordance with an embodiment, in the above system the identifier of the second partition is the second P_Key that identifies the second partition.

[0222] In accordance with an embodiment, in the above system the data store is further configured to: store a symbolic name of the second partition; and maintain a third relationship between the symbolic name of the second partition and the second P_Key that identifies the second partition.

[0223] In accordance with an embodiment, in the above system the identifier of the second partition is the symbolic name of the second partition.

[0224] In accordance with an embodiment, in the above system the subnet manager is further configured to request from the data store the symbolic name of the second partition related to the second P_Key that identifies the second partition; and receive, from the data store, the symbolic name of the second partition.

[0225] In accordance with an embodiment, in the above system the data store comprises records held in a memory of the subnet manager.

[0226] In accordance with an embodiment, a non-transitory computer readable storage medium, including instructions stored thereon for dynamically assigning membership in a partition, which when read and executed by one or more computers cause the one or more computers to perform steps that comprise providing a subnet manager configured to operate within a subnet of a network fabric, wherein the subnet includes a plurality of nodes, and wherein the plurality of nodes includes at least one switch and a plurality of end-nodes, and wherein the subnet manager executes on one of the plurality of nodes; providing a data store within the fabric, wherein the data store is accessible by the subnet manager; configuring the data store to hold a first partition key (P_Key) that identifies a first partition, a second P_Key that identifies a second partition, and a subnet-unique end-port identifier; further configuring the data store to maintain a first relationship between the first P_Key and the second P_Key, and a second relationship between the first P_Key and the subnet-unique end-port identifier; receiving, by the subnet manager, and from a host channel adapter (HCA) of a requesting end-node of the plurality of end-nodes, a request for membership for an end-port of the HCA of the requesting node in the second partition, the request comprises an identifier of the second partition, and the subnet-unique end-port identifier, wherein the end-port of the HCA is uniquely identified in the subnet by the subnet-unique end-port identifier; requesting, from the data store, and by the subnet manager, a first list of P_Keys related to the subnet-unique end-port identifier; receiving, by the subnet manager, and from the data store, the first P_Key; requesting, from the data store, and by the subnet manager, a second list of P_Keys related to the first P_Key; receiving, by the subnet manager, and from the data store, the second P_Key; populating, by the subnet manager, a P_Key table of the end-port of the HCA with the second P_Key.

[0227] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the first partition is associated with an attribute that identifies the first partition as an admin partition within the subnet.

[0228] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the identifier of the second partition is the second P_Key that identifies the second partition.

[0229] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the steps further comprise configuring the data store to hold a symbolic name of the second partition, and configuring the data store to maintain a third relationship between the symbolic name of the second partition and the second P_Key that identifies the second partition.

[0230] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the identifier of the second partition is the symbolic name of the second partition.

[0231] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the steps further comprise requesting, from the data store, and by the subnet manager, the symbolic name of the second partition related to the second P_Key that identifies the second partition; and receiving, by the subnet manager, and from the data store, the symbolic name of the second partition.

[0232] In accordance with an embodiment, the above computer program comprises program instructions in machine-readable format that when executed by a computer system cause the computer system to perform the above method.

[0233] In accordance with an embodiment, the above computer program product comprises the above computer program stored in a non-transitory machine readable data storage medium.

[0234] In accordance with an embodiment, a method of assigning admin partition membership based on switch connectivity comprises: creating an admin partition for use in a subnet of a network fabric, wherein the admin partition is defined by a P_Key that is unique within the subnet, and wherein the P_Key is stored in an admin partition registry that is accessible from the subnet; providing a subnet manager that executes from a node within the subnet; obtaining, from a subnet switch and by the subnet manager, information that the subnet switch is associated with the admin partition; receiving, by the subnet manager, a list of identifiers (IDs), each ID corresponding to a host channel adapter that is directly connected to the subnet switch; adding each of the IDs from the list to the admin partition registry; and creating a relationship in the admin partition registry between each of the added IDs and the P_Key.

[0235] In accordance with an embodiment, in the above method the information obtained by the subnet manager comprises the P_Key of the admin partition that the subnet switch is associated with.

[0236] In accordance with an embodiment, the above method further comprises storing, in the admin partition registry, a logical name of the admin partition; creating a relationship between the logical name of the admin partition and the P_Key in the admin partition registry; and wherein the information obtained by the subnet manager comprises the logical name of the admin partition.

[0237] In accordance with an embodiment, the above method further comprises using, by the subnet manager, the logical name of the admin partition as a parameter in a query of the admin partition registry, wherein the query returns the P_Key based on the relationship between the logical name of the admin partition and the P_Key.

[0238] In accordance with an embodiment, in the above method the information is held in a configuration property of the subnet switch, and wherein the configuration property is exposed to the subnet manager.

[0239] In accordance with an embodiment, in the above method the configuration property is a subnet management agent attribute of the switch, and wherein obtaining the information by the subnet manager includes reading, by the subnet manager, the subnet management agent attribute of the subnet switch.

[0240] In accordance with an embodiment, the above method further comprises providing the subnet switch.

[0241] In accordance with an embodiment, a system for assigning admin partition membership based on switch connectivity comprises an admin partition for use in a subnet of a network fabric, wherein the admin partition is defined by a P_Key that is unique within the subnet, and wherein the P_Key is stored in an admin partition registry that is accessible from the subnet; and a subnet manager that executes from a node within the subnet, wherein the subnet manager operates to: obtain, from a subnet switch, information that the subnet switch is associated with the admin partition; receive, by the subnet manager, a list of identifiers (IDs), each ID corresponding to a host channel adapter that is directly connected to the subnet switch; add each of the IDs from the received list to the admin partition registry; and cause a relationship to be created in the admin partition registry between each of the added IDs and the P_Key.

[0242] In accordance with an embodiment, in the above system the information obtained by the subnet manager comprises the P_Key of the admin partition that the subnet switch is associated with.

[0243] In accordance with an embodiment, in the above system a logical name of the admin partition is stored in the admin partition registry; wherein a relationship between the logical name of the admin partition and the P_Key in the admin partition registry is created and maintained; and wherein the information obtained by the subnet manager comprises the logical name of the admin partition.

[0244] In accordance with an embodiment, in the above system the subnet manager further operates to use the logical name of the admin partition as a parameter in a query of the admin partition registry, and wherein the query returns the P_Key based on the relationship between the logical name of the admin partition and the P_Key.

[0245] In accordance with an embodiment, in the above system the information is held in a configuration property of the subnet switch, and wherein the configuration property is exposed to the subnet manager.

[0246] In accordance with an embodiment, in the above system the configuration property is a subnet management agent attribute of the switch, and wherein obtaining the information by the subnet manager includes reading, by the subnet manager, the subnet management agent attribute of the subnet switch.

[0247] In accordance with an embodiment, the above system further comprises the subnet switch.

[0248] In accordance with an embodiment, a non-transitory computer readable storage medium, including instructions stored thereon for assigning admin partition membership based on switch connectivity, which when read and executed by one or more computers cause the one or more computers to perform steps that comprise creating an admin partition for use in a subnet of a network fabric, wherein the admin partition is defined by a P_Key that is unique within the subnet, and wherein the P_Key is stored in an admin partition registry that is accessible from the subnet; providing a subnet manager that executes from a node within the subnet; obtaining, from a subnet switch and by the subnet manager, information that the subnet switch is associated with the admin partition; receiving, by the subnet manager, a list of identifiers (IDs), each ID corresponding to a host channel adapter that is directly connected to the subnet switch; adding each of the IDs from the list to the admin partition registry; and creating a relationship in the admin partition registry between each of the added IDs and the P_Key.

[0249] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the information obtained by the subnet manager comprises the P_Key of the admin partition that the subnet switch is associated with.

[0250] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the steps further comprise storing, in the admin partition registry, a logical name of the admin partition; and creating a relationship between the logical name of the admin partition and the P_Key in the admin partition registry; and wherein the information obtained by the subnet manager comprises the logical name of the admin partition.

[0251] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the steps further comprise using, by the subnet manager, the logical name of the admin partition as a parameter in a query of the admin partition registry, wherein the query returns the P_Key based on the relationship between the logical name of the admin partition and the P_Key.

[0252] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the information is held in a configuration property of the subnet switch, and wherein the configuration property is exposed to the subnet manager.

[0253] In accordance with an embodiment, in the above non-transitory computer readable storage medium, the configuration property is a subnet management agent attribute of the switch, and wherein obtaining the information by the subnet manager includes reading, by the subnet manager, the subnet management agent attribute of the subnet switch.

[0254] In accordance with an embodiment, a computer program comprises program instructions in machine-readable format that when executed by a computer system cause the computer system to perform the above methods.

[0255] In accordance with an embodiment, a computer program product comprises the above computer program stored in a non-transitory machine readable data storage medium.
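The two registry-driven procedures in the embodiments above, namely admin partition membership derived from switch connectivity and a data partition request checked through the admin partition relationships, are modeled in the following added example, which is not taken from the patent or from any subnet manager implementation. The SQLite schema, the class and method names, the P_Key values and the port identifiers are all assumptions constructed for illustration.

```python
import sqlite3

# Assumed registry layout: partitions, port-to-admin-partition relationships,
# and admin-partition-to-data-partition relationships.
SCHEMA = """
CREATE TABLE partitions (pkey INTEGER PRIMARY KEY, name TEXT UNIQUE,
                         is_admin INTEGER NOT NULL);
CREATE TABLE admin_members (port_id TEXT NOT NULL, admin_pkey INTEGER NOT NULL,
                            PRIMARY KEY (port_id, admin_pkey));
CREATE TABLE admin_data (admin_pkey INTEGER NOT NULL, data_pkey INTEGER NOT NULL,
                         PRIMARY KEY (admin_pkey, data_pkey));
"""


class SubnetManager:
    """Hypothetical subnet manager backed by an in-memory registry."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)
        self.pkey_tables = {}  # port_id -> set of P_Keys programmed on the end-port

    def add_partition(self, pkey, name, is_admin):
        self.db.execute("INSERT INTO partitions VALUES (?, ?, ?)",
                        (pkey, name, int(is_admin)))

    def associate(self, admin_pkey, data_pkey):
        # Relationship between an admin partition and a data partition.
        self.db.execute("INSERT INTO admin_data VALUES (?, ?)",
                        (admin_pkey, data_pkey))

    def resolve_pkey(self, ref, admin_only=False):
        """Accept a P_Key (int) or a symbolic name (str); return the P_Key or None."""
        col = "pkey" if isinstance(ref, int) else "name"  # fixed choice, not user input
        sql = f"SELECT pkey FROM partitions WHERE {col} = ?"
        if admin_only:
            sql += " AND is_admin = 1"
        row = self.db.execute(sql, (ref,)).fetchone()
        return row[0] if row else None

    def register_switch(self, switch_admin_ref, connected_hca_ids):
        """Switch-connectivity path: the switch exposes the admin partition
        (P_Key or logical name); every directly connected HCA ID is added to
        the registry and related to that admin partition's P_Key."""
        admin_pkey = self.resolve_pkey(switch_admin_ref, admin_only=True)
        if admin_pkey is None:
            raise ValueError("switch does not name a known admin partition")
        self.db.executemany("INSERT OR IGNORE INTO admin_members VALUES (?, ?)",
                            [(hca, admin_pkey) for hca in connected_hca_ids])
        return admin_pkey

    def request_membership(self, port_id, partition_ref):
        """Membership request path: grant only if the requested partition is
        related to an admin partition the end-port already belongs to."""
        wanted = self.resolve_pkey(partition_ref)
        if wanted is None:
            return False  # unknown P_Key or symbolic name: deny
        # First list: P_Keys (admin partitions) related to the end-port identifier.
        first_list = [r[0] for r in self.db.execute(
            "SELECT admin_pkey FROM admin_members WHERE port_id = ?", (port_id,))]
        for admin_pkey in first_list:
            # Second list: P_Keys (data partitions) related to that admin P_Key.
            second_list = [r[0] for r in self.db.execute(
                "SELECT data_pkey FROM admin_data WHERE admin_pkey = ?",
                (admin_pkey,))]
            if wanted in second_list:
                # Populate the end-port's P_Key table with the granted P_Key.
                self.pkey_tables.setdefault(port_id, set()).add(wanted)
                return True
        return False  # no relationship chain: the P_Key table is left untouched


def build_example():
    """Constructed sample fabric: two tenants, each with an admin and a data partition."""
    sm = SubnetManager()
    sm.add_partition(0x0A01, "tenant_a_admin", True)
    sm.add_partition(0x0A02, "tenant_b_admin", True)
    sm.add_partition(0x0B01, "tenant_a_data", False)
    sm.add_partition(0x0B02, "tenant_b_data", False)
    sm.associate(0x0A01, 0x0B01)
    sm.associate(0x0A02, 0x0B02)
    # One switch identifies its admin partition by logical name, the other by P_Key.
    sm.register_switch("tenant_a_admin", ["hca-0001", "hca-0002"])
    sm.register_switch(0x0A02, ["hca-0003"])
    return sm


if __name__ == "__main__":
    sm = build_example()
    for port, ref in [("hca-0001", "tenant_a_data"), ("hca-0001", 0x0B02),
                      ("hca-9999", "tenant_a_data")]:
        print(port, ref, "->", "granted" if sm.request_membership(port, ref) else "denied")
```

The denial branches are the isolation property: a port that is not related to the right admin partition never has its P_Key table changed, whichever identifier form the request uses.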

[0256] Features of the present invention can be implemented in, using, or with the assistance of a computer program product which is a storage medium (media) or computer readable medium (media) having instructions stored thereon/in which can be used to program a processing system to perform any of the features presented herein. The storage medium can include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.

[0257] Stored on any one of the machine readable medium (media), features of the present invention can be incorporated in software and/or firmware for controlling the hardware of a processing system, and for enabling a processing system to interact with other mechanism utilizing the results of the present invention. Such software or firmware may include, but is not limited to, application code, device drivers, operating systems and execution environments/containers.

[0258] Features of the invention may also be implemented in hardware using, for example, hardware components such as application specific integrated circuits (ASICs). Implementation of the hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art.

[0259] Additionally, the present invention may be conveniently implemented using one or more conventional general purpose or specialized digital computer, computing device, machine, or microprocessor, including one or more processors, memory and/or computer readable storage media programmed according to the teachings of the present disclosure. Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art.

[0260] While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example, and not limitation. It will be apparent to persons skilled in the relevant art that various changes in form and detail can be made therein without departing from the scope of the invention.

[0261] The present invention has been described above with the aid of functional building blocks illustrating the performance of specified functions and relationships thereof. The boundaries of these functional building blocks have often been arbitrarily defined herein for the convenience of the description. Alternate boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Any such alternate boundaries are thus within the scope of the invention.

[0262] The foregoing description of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. The breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments. Many modifications and variations will be apparent to the practitioner skilled in the art. The modifications and variations include any relevant combination of the disclosed features. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications that are suited to the particular use contemplated.


Claims

1. A method of correlating fabric-level group membership with subnet-level group membership within a network fabric, comprising the steps of:

creating (1910) a resource domain at a fabric level of the network, wherein the resource domain is a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, wherein the admin partition is defined by a first P_Key, and wherein the first P_Key is unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, wherein the first relationship defines the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, wherein the second relationship defines the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) access rights for the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
2. The method of Claim 1, further comprising the steps of:
associating a domain-level user with the resource domain, wherein the association of the domain-level user with the resource domain grants the domain-level user permissions to manage the first fabric resource and the second fabric resource.
 
3. The method of Claim 1, further comprising the steps of:

creating a second admin partition in the subnet of the network fabric, wherein the second admin partition is defined by a second P_Key, and wherein the second P_Key is unique throughout the subnet;

storing the second P_Key in the memory;

associating the child resource domain with the second admin partition; and

creating a fourth relationship in the memory between the third identifier and the second P_Key that defines the second admin partition, wherein the fourth relationship defines the third fabric resource as a member of the second admin partition.


 
4. The method of any of the preceding Claims, further comprising:

assigning a first logical name to the first fabric resource;

storing the first logical name in the memory;

creating a relationship between the first logical name and the first identifier in the memory, wherein the relationship links the first logical name and the first identifier in the memory.


 
5. The method of Claim 4, further comprising:

assigning a second logical name to the second fabric resource;

looking-up the first logical name in the memory; and

storing the second logical name in the memory only if the second logical name is different than the first logical name.


 
6. The method of Claim 1, further comprising the steps of:

creating a data partition in the subnet of the network fabric;

associating the data partition with the first admin partition;

receiving a request from the first fabric resource to be a member of the data partition;

making the first fabric resource a member of the data partition based on the association of the data partition with the admin partition.


 
7. A system that correlates fabric-level group membership with subnet-level group membership within a network fabric, comprising:

a node, including a processor;

a memory accessible to the node;

a resource domain, wherein the resource domain is a logical grouping of fabric resources and is stored in the memory;

a first P_Key stored in the memory, wherein the P_Key defines an admin partition, and wherein the first P_Key is unique throughout the subnet;

and wherein the node operates to:

associate (1940) the resource domain with the first P_Key;

add (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

create a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, and wherein the first relationship defines the first fabric resource as a member of the admin partition;

add (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

create a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, and wherein the second relationship defines the second fabric resource as a member of the admin partition;

determine (1970) that the first domain resource and the second domain resource are members of the admin partition;

grant (1980) access rights for the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

add a child resource domain to the resource domain;

add a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

create a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
8. The system of Claim 7, wherein the admin partition is assigned a logical name that is unique throughout the fabric, wherein the first fabric resource is assigned a logical name that is unique throughout the subnet, and wherein the logical name assigned to the first fabric resource is prefixed with the logical name assigned to the admin partition to create a logical name of the first fabric resource that is unique throughout the fabric.
 
9. The system of Claim 7 or 8, further comprising a fabric manager, wherein the fabric manager comprises a user interface, and wherein a user at least partially manages the resource domain through the user interface of the fabric manager, and optionally wherein the admin partition is transparent to the user, and wherein the first P_Key is generated and stored in the memory automatically by the fabric manager when the resource domain is created.
 
10. The system of any of Claims 7 to 9, wherein the first P_Key is generated and stored in the memory upon an explicit prompt of the user.
 
11. The system of any of Claims 7 to 10, wherein the first fabric resource is a host channel adapter (HCA) and the second domain resource is a virtual host channel adapter (vHCA).
 
12. The system of Claim 7, wherein the memory comprises a relational database, and wherein the first P_Key, the first identifier, the first relationship, the second identifier and the second relationship are stored in the relational database.
 
13. A computer readable storage medium, including instructions stored thereon for correlating fabric-level group membership with subnet-level group membership within a network fabric, which when read and executed by one or more computers cause the one or more computers to perform steps comprising:

creating (1910) a resource domain at a fabric level of the network, wherein the resource domain is a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, wherein the admin partition is defined by a first P_Key, and wherein the first P_Key is unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, wherein the first relationship defines the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, wherein the second relationship defines the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) access rights for the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
14. A computer program comprising program instructions in machine-readable format that when executed by a computer system cause the computer system to perform the method of any of Claims 1 to 6.
 
15. A computer program product comprising the computer program of Claim 14 stored in a machine readable data storage medium.
 


Claims (from the German text)

1. A method of correlating fabric-level group membership with subnet-level group membership within a network fabric, comprising the following steps:

creating (1910) a resource domain at a fabric level of the network, wherein the resource domain is a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, wherein the admin partition is defined by a first P_Key, and wherein the first P_Key is unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, wherein the first relationship defines the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, wherein the second relationship defines the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) access rights for the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
2. The method of Claim 1, further comprising the following steps:
associating a domain-level user with the resource domain, wherein the association of the domain-level user with the resource domain grants the domain-level user rights to manage the first fabric resource and the second fabric resource.
 
3. The method of Claim 1, further comprising the following steps:

creating a second admin partition in the subnet of the network fabric, wherein the second admin partition is defined by a second P_Key, and wherein the second P_Key is unique throughout the subnet;

storing the second P_Key in the memory;

associating the child resource domain with the second admin partition; and

creating a fourth relationship in the memory between the third identifier and the second P_Key that defines the second admin partition, wherein the fourth relationship defines the third fabric resource as a member of the second admin partition.


 
4. The method of any of the preceding Claims, further comprising:

assigning a first logical name to the first fabric resource;

storing the first logical name in the memory;

creating a relationship between the first logical name and the first identifier in the memory, wherein the relationship links the first logical name and the first identifier in the memory.


 
5. The method of Claim 4, further comprising:

assigning a second logical name to the second fabric resource;

looking up the first logical name in the memory;

storing the second logical name in the memory only if the second logical name is different from the first logical name.


 
6. The method of Claim 1, further comprising the following steps:

creating a data partition in the subnet of the network fabric;

associating the data partition with the first admin partition;

receiving a request from the first fabric resource to become a member of the data partition;

admitting the first fabric resource as a member of the data partition based on the association of the data partition with the admin partition.


 
7. A system that correlates fabric-level group membership with subnet-level group membership within a network fabric, comprising:

a node that has a processor;

a memory that the node can access;

a resource domain, wherein the resource domain is a logical grouping of fabric resources and is stored in the memory;

a first P_Key stored in the memory, wherein the P_Key defines an admin partition, and wherein the first P_Key is unique throughout the subnet;

and wherein the node is operated to:

associate (1940) the resource domain with the first P_Key;

add (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

create a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, and wherein the first relationship defines the first fabric resource as a member of the admin partition;

add (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

create a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, and wherein the second relationship defines the second fabric resource as a member of the admin partition;

determine (1970) that the first domain resource and the second domain resource are members of the admin partition;

grant (1980) access rights for the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

add a child resource domain to the resource domain;

add a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

create a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
8. The system of Claim 7, wherein the admin partition is assigned a logical name that is unique throughout the fabric, wherein the first fabric resource is assigned a logical name that is unique throughout the subnet, and wherein the logical name assigned to the first fabric resource is prefixed with the logical name assigned to the admin partition to create a logical name of the first fabric resource that is unique throughout the fabric.
 
9. System nach Anspruch 7 oder 8, das ferner eine Koppelfeldverwaltungseinheit umfasst, wobei die Koppelfeldverwaltungseinheit eine Benutzerschnittstelle umfasst und wobei ein Benutzer wenigstens teilweise die Ressourcendomäne über die Benutzerschnittstelle der Koppelfeldverwaltungseinheit verwaltet, und wobei optional die Verwaltungspartition für den Benutzer transparent ist, und wobei der erste P_Schlüssel von der Koppelfeldverwaltungseinheit automatisch erzeugt und im Speicher gespeichert wird, wenn die Ressourcendomäne erzeugt wird.
 
10. System nach einem der Ansprüche 7 bis 9, wobei der erste P_Schlüssel auf eine explizite Aufforderung des Benutzers hin erzeugt und im Speicher gespeichert wird.
 
11. System nach einem der Ansprüche 7 bis 10, wobei die erste Koppelfeldressource ein Host-Kanaladapter (HCA, Host Channel Adapter) und die zweite Domänenressource ein virtueller Host-Kanaladapter (vHCA) ist.
 
12. System nach Anspruch 7, wobei der Speicher eine relationale Datenbank umfasst und wobei der erste P_Schlüssel, der erste Kennzeichner, die erste Beziehung, der zweite Kennzeichner und die zweite Beziehung in der relationalen Datenbank gespeichert sind.
 
13. A computer-readable storage medium having instructions stored thereon for correlating fabric-level group membership with subnet-level group membership within a network fabric, which, when read and executed by one or more computers, cause the one or more computers to perform steps comprising:

creating (1910) a resource domain at a fabric level of the network, wherein the resource domain is a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, wherein the admin partition is defined by a first P_Key, and wherein the first P_Key is unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, wherein the first fabric resource is identified by a first identifier, and wherein the first identifier is stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, wherein the first relationship defines the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, wherein the second fabric resource is identified by a second identifier, and wherein the second identifier is stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, wherein the second relationship defines the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) the first domain resource access rights to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, wherein the third fabric resource is identified by a third identifier, and wherein the third identifier is stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, wherein the third relationship defines the third fabric resource as a member of the admin partition.


 
14. A computer program comprising program instructions in machine-readable format which, when executed by a computer system, cause the computer system to perform the method of any one of claims 1 to 6.

15. A computer program product comprising the computer program of claim 14 stored on a machine-readable data storage medium.
 


Claims

1. A method of correlating fabric-level group membership with subnet-level group membership within a network fabric, comprising the following steps:

creating (1910) a resource domain at a fabric level of the network, the resource domain being a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, the admin partition being defined by a first P_Key, and the first P_Key being unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, the first fabric resource being identified by a first identifier, and the first identifier being stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, the first relationship defining the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, the second fabric resource being identified by a second identifier, and the second identifier being stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, the second relationship defining the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) access rights over the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, the third fabric resource being identified by a third identifier, and the third identifier being stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, the third relationship defining the third fabric resource as a member of the admin partition.


 
2. The method of claim 1, further comprising the following steps:
associating a domain-level user with the resource domain, wherein associating the domain-level user with the resource domain grants the domain-level user permissions to manage the first fabric resource and the second fabric resource.
 
3. The method of claim 1, further comprising the following steps:

creating a second admin partition in the subnet of the network fabric, the second admin partition being defined by a second P_Key, and the second P_Key being unique throughout the subnet;

storing the second P_Key in the memory;

associating the child resource domain with the second admin partition; and

creating a fourth relationship in the memory between the third identifier and the second P_Key that defines the second admin partition, the fourth relationship defining the third fabric resource as a member of the second admin partition.


 
4. The method of any one of the preceding claims, further comprising the following steps:

assigning a first logical name to the first fabric resource;

storing the first logical name in the memory;

creating a relationship between the first logical name and the first identifier in the memory, the relationship linking the first logical name and the first identifier in the memory.


 
5. The method of claim 4, further comprising the following steps:

assigning a second logical name to the second fabric resource;

looking up the first logical name in the memory; and

storing the second logical name in the memory only if the second logical name is different from the first logical name.


 
6. The method of claim 1, further comprising the following steps:

creating a data partition in the subnet of the network fabric;

associating the data partition with the first admin partition;

receiving from the first fabric resource a request for membership in the data partition;

designating the first fabric resource as a member of the data partition based on the association of the data partition with the admin partition.


 
7. A system for correlating fabric-level group membership with subnet-level group membership within a network fabric, comprising:

a node, including a processor;

a memory accessible to the node;

a resource domain, the resource domain being a logical grouping of fabric resources stored in the memory;

a first P_Key stored in the memory, the P_Key defining an admin partition, and the first P_Key being unique throughout the subnet;

and wherein the node operates to:

associate (1940) the resource domain with the first P_Key;

add (1950) a first fabric resource to the resource domain, the first fabric resource being identified by a first identifier, and the first identifier being stored in the memory;

create a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, and the first relationship defining the first fabric resource as a member of the admin partition;

add (1960) a second fabric resource to the resource domain, the second fabric resource being identified by a second identifier, and the second identifier being stored in the memory;

create a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, and the second relationship defining the second fabric resource as a member of the admin partition;

determine (1970) that the first domain resource and the second domain resource are members of the admin partition;

grant (1980) access rights over the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

add a child resource domain to the resource domain;

add a third fabric resource to the child resource domain, the third fabric resource being identified by a third identifier, and the third identifier being stored in the memory; and

create a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, the third relationship defining the third fabric resource as a member of the admin partition.


 
8. The system of claim 7, wherein a logical name that is unique throughout the fabric is assigned to the admin partition, wherein a logical name that is unique throughout the subnet is assigned to the first fabric resource, and wherein the logical name assigned to the first fabric resource is prefixed with the logical name assigned to the admin partition to create a logical name of the first fabric resource that is unique throughout the fabric.

9. The system of claim 7 or 8, further comprising a fabric manager, wherein the fabric manager comprises a user interface, and wherein a user at least partially manages the resource domain through the user interface of the fabric manager, and optionally wherein the admin partition is transparent to the user, and wherein the first P_Key is generated and stored in the memory automatically by the fabric manager when the resource domain is created.

10. The system of any one of claims 7 to 9, wherein the first P_Key is generated and stored in the memory upon an explicit prompt from the user.

11. The system of any one of claims 7 to 10, wherein the first fabric resource is a host channel adapter (HCA) and the second domain resource is a virtual host channel adapter (vHCA).

12. The system of claim 7, wherein the memory comprises a relational database, and wherein the first P_Key, the first identifier, the first relationship, the second identifier and the second relationship are stored in the relational database.
 
13. A computer-readable storage medium having instructions stored thereon for correlating fabric-level group membership with subnet-level group membership within a network fabric, which, when read and executed by one or more computers, cause the one or more computers to perform steps comprising:

creating (1910) a resource domain at a fabric level of the network, the resource domain being a logical grouping of fabric resources;

storing the resource domain in a memory;

creating (1920) an admin partition in a subnet of the network fabric, the admin partition being defined by a first P_Key, and the first P_Key being unique throughout the subnet;

storing (1930) the first P_Key in the memory;

associating (1940) the resource domain with the admin partition;

adding (1950) a first fabric resource to the resource domain, the first fabric resource being identified by a first identifier, and the first identifier being stored in the memory;

creating a first relationship in the memory between the first identifier and the first P_Key that defines the admin partition, the first relationship defining the first fabric resource as a member of the admin partition;

adding (1960) a second fabric resource to the resource domain, the second fabric resource being identified by a second identifier, and the second identifier being stored in the memory;

creating a second relationship in the memory between the second identifier and the first P_Key that defines the admin partition, the second relationship defining the second fabric resource as a member of the admin partition;

determining (1970) that the first domain resource and the second domain resource are members of the admin partition;

granting (1980) access rights over the first domain resource to the second domain resource based on the determination that the first domain resource and the second domain resource are members of the admin partition;

adding a child resource domain to the resource domain;

adding a third fabric resource to the child resource domain, the third fabric resource being identified by a third identifier, and the third identifier being stored in the memory; and

creating a third relationship in the memory between the third identifier and the first P_Key that defines the admin partition, the third relationship defining the third fabric resource as a member of the admin partition.


 
14. A computer program comprising program instructions in machine-readable format which, when executed by a computer system, cause the computer system to perform the method of any one of claims 1 to 6.

15. A computer program product according to claim 14, stored on a machine-readable data storage medium.
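
The membership correlation set out in claims 1, 3 and 6, as an added Python example that is not part of the patent document or of any implementation by the proprietor. The `Fabric` class, its method names, the domain and adapter identifiers and the P_Key values are all constructed for illustration, and the example assumes that every resource domain, child domains included, receives its own admin partition when it is created.

```python
import itertools


class Fabric:
    """In-memory store relating resource identifiers to admin-partition P_Keys."""

    def __init__(self):
        self._next_pkey = itertools.count(0x0001)  # constructed P_Key values
        self.domain_pkey = {}   # resource domain -> P_Key of its admin partition
        self.parent = {}        # child resource domain -> parent resource domain
        self.member_of = {}     # resource identifier -> set of admin P_Keys
        self.data_assoc = {}    # data-partition P_Key -> associated admin P_Keys
        self.data_members = {}  # data-partition P_Key -> admitted identifiers

    def create_domain(self, name, parent=None):
        """Steps 1910-1940: create a domain and its admin partition, link them."""
        if name in self.domain_pkey:
            raise ValueError(f"domain {name!r} already exists")
        if parent is not None and parent not in self.domain_pkey:
            raise KeyError(f"unknown parent domain {parent!r}")
        self.domain_pkey[name] = next(self._next_pkey)
        if parent is not None:
            self.parent[name] = parent
        return self.domain_pkey[name]

    def add_resource(self, domain, ident):
        """Steps 1950/1960: relate the identifier to the P_Key of the domain
        and of each ancestor, so a child-domain resource is also a member of
        the parent's admin partition."""
        if domain not in self.domain_pkey:
            raise KeyError(f"unknown domain {domain!r}")
        keys = self.member_of.setdefault(ident, set())
        while domain is not None:
            keys.add(self.domain_pkey[domain])
            domain = self.parent.get(domain)

    def may_access(self, a, b):
        """Steps 1970/1980: grant only when both share an admin partition."""
        return bool(self.member_of.get(a, set()) & self.member_of.get(b, set()))

    def create_data_partition(self, data_pkey, domain):
        """Claim 6: associate a data partition with a domain's admin partition."""
        self.data_assoc.setdefault(data_pkey, set()).add(self.domain_pkey[domain])
        self.data_members.setdefault(data_pkey, set())

    def request_membership(self, ident, data_pkey):
        """Claim 6: admit the requester only through an associated admin partition."""
        if self.member_of.get(ident, set()) & self.data_assoc.get(data_pkey, set()):
            self.data_members[data_pkey].add(ident)
            return True
        return False  # default deny: unknown partition or no shared admin partition


def demo():
    """Constructed fabric: two tenants, one child domain, one data partition."""
    f = Fabric()
    f.create_domain("tenant-a")                        # admin P_Key 0x0001
    f.create_domain("tenant-a/db", parent="tenant-a")  # admin P_Key 0x0002
    f.create_domain("tenant-b")                        # admin P_Key 0x0003
    f.add_resource("tenant-a", "hca-1")
    f.add_resource("tenant-a", "vhca-2")
    f.add_resource("tenant-a/db", "hca-3")
    f.add_resource("tenant-b", "hca-9")
    f.create_data_partition(0x0100, "tenant-a/db")
    return f
```

In this model a resource of the parent domain is not admitted to a data partition that is associated only with the child domain's admin partition, and a request naming an unknown data partition is denied.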
 



