US20110026521A1 - Apparatus and methods for forwarding data packets captured from a network - Google Patents
Apparatus and methods for forwarding data packets captured from a network Download PDFInfo
- Publication number
- US20110026521A1 US20110026521A1 US12/533,957 US53395709A US2011026521A1 US 20110026521 A1 US20110026521 A1 US 20110026521A1 US 53395709 A US53395709 A US 53395709A US 2011026521 A1 US2011026521 A1 US 2011026521A1
- Authority
- US
- United States
- Prior art keywords
- data packet
- packet forwarding
- data
- real
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
- H04L45/306—Route determination based on the nature of the carried application
- H04L45/3065—Route determination based on the nature of the carried application for real time traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/106—Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
Definitions
- Captured data packets may then be, for example: analyzed to determine their presence and correctness; sorted for purposes such as call flow analysis; factored into various statistics; or examined to determine the content or completeness of their payloads.
- FIG. 1 illustrates an exemplary data packet capture apparatus
- FIG. 2 illustrates an exemplary method for capturing data packets from a network
- FIG. 3 illustrates an exemplary packet forwarding apparatus that may be coupled to, or included in, a data packet capture apparatus such as the apparatus shown in FIG. 1 ;
- FIG. 4 illustrates exemplary real-time and non-real-time data packet interfaces of the data packet receiving interface shown in FIG. 3 ;
- FIG. 5 illustrates i) a single real-time data packet receiving interface that may be coupled to the real-time data packet forwarding interface shown in FIG. 1 , and ii) an additional data store that may be implemented or accessed by a packet forwarding apparatus;
- FIG. 6 illustrates exemplary real-time and non-real-time data packet forwarding paths, as well as sampled and filtered data packet forwarding paths, of a data packet capture apparatus
- FIG. 7 illustrates an exemplary packet forwarding apparatus comprising a query interface
- FIG. 8 illustrates an exemplary packet forwarding method
- FIG. 9 illustrates an exemplary system that supports the needs of various real-time, non-real-time and query-based applications, such as traffic monitoring and analysis applications.
- Network monitoring is often a component of the applications that Service Providers use to manage i) their networks, and ii) the services provided over their networks. These applications capture data packets from the network and perform various types of processing. For example, signaling monitoring applications capture the signaling packets that are used to setup, control, and terminate phone calls; process those packets to recreate individual calls; and compute various measurements that can be used to determine the performance of the network.
- At least some of the apparatus and methods disclosed herein are able to adapt the flow of captured data packets to the processing capabilities of one or more applications, thereby enabling the applications to scale at a better-than-linear rate with respect to growth in network traffic.
- a “data packet” is defined as any sort of packetized information carried over a network.
- the packetized information may include, for example, multimedia, voice, data or control information.
- FIG. 1 illustrates an exemplary data packet capture apparatus 100 .
- the apparatus 100 comprises a physical, network-connectable data capture probe 102 .
- the apparatus 100 also comprises a time-stamping circuit 104 that is configured to time-stamp the data packets that are captured via the data capture probe 102 .
- the time-stamping circuit 104 may comprise an arrival gate 124 and a clock 126 . At the arrival gate 124 , times may be retrieved from the clock 126 and associated with captured data packets as time-of-capture time-stamps.
- an interface 130 may be provided for synchronizing the clock's time with a system time.
- the apparatus 100 further comprises 1) a real-time packet forwarding circuit 106 that is configured to stream data packets captured via the data capture probe 102 to a real-time data packet interface 108 , and 2) a real-time packet storing circuit 110 that operates in parallel with the real-time packet forwarding circuit 106 .
- a communication bus 128 , data tee or other mechanism provides captured data packets to the circuits 106 and 110 substantially in parallel.
- multiple ones of the probes 102 could be connected to the communication bus 128 and provide data packets to each of the real-time packet forwarding circuit 106 and the real-time packet storing circuit 110 .
- the real-time packet forwarding circuit 106 is configured to forward data packets to the real-time data packet interface 108 as soon as possible, while the real-time packet storing circuit 110 is configured to store the data packets captured via the data capture probe 102 in a data store 112 .
- Data packets are stored in the data store 112 in association with their time-of-capture time-stamps. Preferably, all captured data packets are stored in the data store 112 . However, in some cases, a sampled or filtered set of data packets may be stored in the data store 112 .
- the data packet capture apparatus 100 can provide various advantages over conventional data packet capture probes. For example, many applications provide their most useful or complete analyses of network traffic when they are able to review and process all of the data packets that pass over a network. However, the rate at which data propagates over a network, or the burstiness of some data, can sometimes overwhelm the processing capability of an application. In the past, applications have dealt with this issue by simply dropping certain data packets, e.g., by dropping m out of every n data packets received, or by dropping data packets whenever the application's receive buffer(s) reach capacity. The data packet capture apparatus 100 alleviates this issue by not only forwarding data packets in real-time, but by storing them for non-real-time access. In this manner, an application that knows or presumes it is dropping packets can obtain the dropped packets from the data store 112 .
- an application may intentionally and routinely drop certain data packets. Such may be the case with an application that provides a high-level snapshot of network traffic.
- an application can sample or filter the real-time data packet stream generated at the real-time data packet interface 108 , and upon identifying an anomaly (or upon receiving a drill-down request from a user), the application may obtain a more granular data packet stream (or simply all data packets in a particular timeframe) from the data store 112 .
- the data packet capture apparatus 100 can also be useful in that it stores data packets in association with their time-stamps. In this manner, an application that obtains a data packet from the data store 112 can determine the temporal context of the data packet—even though the data packet was not forwarded to the application in real-time.
- the real-time packet forwarding circuit 106 may forward data packets with or without their associated time-stamps. If the time-stamping circuit 104 is removed from the path between the data capture probe 102 and the real-time packet forwarding circuit 106 , the speed at which data packets are forwarded via the real-time packet forwarding circuit 106 may be increased. However, if data packets are time-stamped upon capture, and then forwarded along with their associated time-stamps via the real-time packet forwarding circuit 106 , downstream applications can construct more accurate analyses of the traffic appearing on a network.
- the real-time packet forwarding circuit 106 may consist of a wire or data transmission path. In other embodiments, the real-time packet forwarding circuit 106 may comprise other structures, such as a buffer that enables the circuit 106 to temporarily store bursts of data packets.
- “real-time” packet forwarding is understood to be packet forwarding that is accomplished as soon as possible, possibly with temporary buffering of data packets for seconds or fractions of a second, but without moving data packets to a longer term data store (e.g., for minutes or hours).
- the real-time packet storing circuit 110 may store data packets in the data store 112 in various ways. In some embodiments, the real-time packet storing circuit 110 may simply store each data packet in association with its time-stamp. In other embodiments, the real-time packet storing circuit 110 may associate stored data packets in different groups (i.e., “buckets”). In some cases, the different groups may correspond to different time periods in which data packets are received. For example, time may be broken into consecutive N-second periods, and the data packets received in different N-second periods may be associated in different groups. In other cases, the different groups may correspond to volumes of captured data packets. For example, a new packet group may be formed following the receipt of every M packets.
- the different groups of data packets stored in the data store 112 may be stored in different physical or logical structures 114 , 116 , 118 , such as different physical or logical partitions, tables or files.
- first and second consecutively captured groups of data packets may be stored in respective first and second partitions, such as disk partitions, of the data store 112 .
- first and second consecutively captured groups of data packets may be stored in respective first and second tables or files in the data store 112 .
- the data store 112 may comprise one or more disks or servers, or a storage area network (SAN).
- SAN storage area network
- the type or size of data store used there is no inherent limitation on the type or size of data store used (beyond any existing size limitation of the type of data storage technology used).
- the storage of data packets in groups is not intended as a replacement for disk configurations such as RAID (redundant array of inexpensive disks) configurations. Rather, the storage of data packets in groups is intended to be compatible with data reliability solutions that might be employed (such as RAID).
- the data packet capture apparatus 100 may further comprise a non-real-time packet interface 120 .
- the data store 112 or another element may provide an interface to the data store 112 .
- the real-time packet storing circuit 110 may set or provide an indicator when all of the data packets of a group have been written to the data store 112 .
- a non-real-time packet interface such as the interface 120 , may then provide read access to a particular group of data packets after all of the data packets in the particular group have been stored in the data store 112 . In this manner, faster access may be provided to different groups of data, while also maintaining the integrity of the data store 112 and any non-real-time stream(s) or data derived therefrom.
- the non-real-time packet interface 120 may provide a stream of data packets at a rate that differs from the rate of data packets forwarded via the real-time data packet interface 108 . In other cases, the non-real-time packet interface 120 may provide data packets, or particular groups of data packets, in response to application queries.
- the data packet capture apparatus 100 may also comprise a configuration interface 122 .
- the configuration interface 122 enables an application or user to configure or control one or more parameters of the data packet capture apparatus 100 .
- input e.g., configuration information
- the real-time packet storing circuit 110 may configure, or adaptively reconfigure, at least one parameter of the different groups of data packets stored in the data store 112 .
- the at least one parameter may comprise a time period covered by each group (e.g., N seconds).
- the at least one parameter may comprise a data packet volume (e.g., M data packets).
- the at least one parameter may comprise the number of the data packet groups, the format of the data packet groups, or a time indicating how long the data in each group should be maintained before being overwritten.
- Other parameters may also be configured or adaptively reconfigured.
- the configuration interface 122 may be used to configure the data packet capture apparatus 100 upon power-up or between data packet capture.
- the configuration interface 122 can be used to configure the data packet capture apparatus 100 while data packets are being captured by the data packet capture apparatus 100 .
- configuration information could be received via the configuration interface 122 during data packet capture, and in response to this information, the real-time packet storing circuit 110 could adaptively reconfigure a parameter of the data packet groups stored in the data store 112 .
- the data packet capture apparatus 100 may be implemented using various technologies, including printed circuit board, integrated circuit, and/or other technologies. In some embodiments, some or all of the circuits of the data packet capture apparatus 100 may be implemented, at least in part, using a field-programmable gate array (FPGA) or microprocessor.
- FPGA field-programmable gate array
- FIG. 2 illustrates an exemplary method 200 for capturing data packets from a network.
- the method 200 may be implemented using the data packet capture apparatus 100 ( FIG. 1 ).
- the method 200 comprises capturing the data packets at a physical, network-connectable data capture probe (at block 202 ).
- the data packets are time-stamped with time-of-capture time-stamps (at block 204 ).
- the time-stamped data packets are a) stored (at block 206 ), and b) forwarded to at least one consumer in real-time (at block 208 ).
- storing the time-stamped data packets may comprise storing the time-stamped data packets in different groups, such as groups corresponding to different time periods or groups defined in response to volumes of data packets captured.
- groups such as groups corresponding to different time periods or groups defined in response to volumes of data packets captured.
- consumer access to a particular group of stored data packets may be provided only after all of the data packets in the particular group have been stored (e.g., on a group-by-group basis). This eliminates read/write conflicts, yet provides access to certain data packets while other data packets are being received.
- stored data packets may be automatically streamed from a data store, but at a different rate than data packets forwarded in real-time.
- stored data packets may be retrieved: on a query basis, based on their associated time-stamps, or based on the time-stamp ranges of the groups in which the data packets are stored.
- a process e.g., a consumer or application
- retrieves the data packets from the data store may provide indications that the data packets of particular groups have been read and can be overwritten.
- groups of data packets can be flagged for overwrite after a predetermined period of time.
- the above-described apparatus and methods are useful in many contexts in which data packets passing over a network need to be monitored or analyzed. However, the apparatus and methods are particularly useful when data packets need to be monitored in high-speed or bursty networks, such as networks that carry voice traffic and other streaming media.
- the consumers or applications that receive or retrieve data packets from the data packet capture apparatus 100 may take various forms, including those of: network or service monitoring or analysis tools; or real-time or non-real-time applications. Consumers or applications may be hardware or software-based, or may comprise a combination thereof. In some cases, consumers and applications may comprise structures, processes or components that sample, filter, decode or condition the data packets that are forwarded to (or retrieved by) other consumers or applications. To a large extent, the terms “consumer” and “application” are interchangeable.
- the apparatus and methods disclosed herein my be considered “smart” in that they can provide a consumer or application with all of the data packets appearing on a network, and can often do so at a rate or time that is adaptable to the needs of particular consumers or applications (including multiple consumers or applications).
- the apparatus and methods disclosed herein can implement a configuration interface or function. In this manner, the packet rate of a non-real-time stream can be adapted to the need (or changing need) of a particular consumer or application.
- Another advantage of the apparatus and methods disclosed herein is that they scale well. That is, as the speed or volume of traffic on a network increases, a consumer or application may adaptively choose whether it receives a real-time or non-real-time stream of data packets; or, a consumer or application may query the data store 112 for data packets that it dropped. Also, if a consumer or application intentionally drops data packets, it or its user can later retrieve a more granular data packet view (or all data packets in a particular time period) for purposes such as: a drill-down analysis, a determination of the cause of an anomaly or trend, or a call trace.
- the data packets provided by the real-time and non-real-time interfaces 108 , 120 include “all” captured data packets (as is the case at the real-time interface 108 ) or “all of the data packets in a particular group of data packets” (as is the case at the non-real-time interface 120 ).
- FIG. 3 illustrates an exemplary packet forwarding apparatus 300 that may be coupled to, or included in, a data packet capture apparatus such as the apparatus 100 .
- the exemplary packet forwarding apparatus 300 comprises a data packet receiving interface 302 , a data packet forwarding interface 304 , and a configuration interface 306 .
- the data packet receiving interface 302 may comprise a plurality of inputs
- the data packet forwarding interface 304 may comprise a plurality of outputs.
- the apparatus 300 also comprises circuitry 308 that defines a plurality of data packet forwarding paths (i.e., two or more paths 310 , 312 ) between the data packet receiving interface 302 and the data packet forwarding interface 304 .
- the circuitry 308 defines at least one of the plurality of data packet forwarding paths (and may define all of the data packet forwarding paths) in response to input (e.g., configuration information) received via the configuration interface 306 .
- some or all of the circuitry of the packet forwarding apparatus 300 may be implemented, at least in part, using a field-programmable gate array (FPGA) or microprocessor.
- FPGA field-programmable gate array
- the data packet receiving interface 302 may comprise a real-time data packet receiving interface 400 and a non-real-time data packet receiving interface 402 .
- the circuitry 308 may define one or more real-time data packet forwarding paths, such as paths 404 and 406 , and one or more non-real-time data packet forwarding paths, such as paths 408 and 410 .
- the real-time data packet forwarding paths 404 , 406 must necessarily be coupled to the real-time data packet receiving interface 400 .
- the non-real-time data packet forwarding paths 408 , 410 may be coupled to either the non-real-time data packet receiving interface 402 or the real-time data packet receiving interface 400 .
- the real-time data packet forwarding path or paths 404 , 406 may comprise any one or more of: a path via which all received data packets are forwarded; a real-time sampled data packet forwarding path; a real-time filtered data packet forwarding path; or another type of real-time forwarding path.
- the non-real-time data packet forwarding path or paths 408 , 410 may comprise any one or more of: a path via which all received data packets are forwarded; a path via which selected data packets are forwarded, in response to application queries; a non-real-time sampled data packet forwarding path; a non-real-time filtered data packet forwarding path; or another type of non-real-time forwarding path.
- a “real-time sampled data packet forwarding path” comprises circuitry, such as a data sampling circuit 412 ( FIG. 4 ), that samples received data packets and forwards only a subset of the received data packets.
- the set of forwarded data packets may comprise every n-th data packet received, or n packets per a given time period.
- more complex sampling algorithms including pseudo-random sampling, may be employed.
- the sampled data may be selected so that it is statistically significant.
- the fixed or average sampling frequency may be configured such that the sample rate is correlated to the time periods for which data packets are stored in the data store 112 ( FIG. 1 ).
- a real-time sampled data packet forwarding path can be useful when data packets are captured by a data capture probe 102 at a rate that exceeds the processing capacity of a downstream application.
- a “real-time filtered data packet forwarding path” comprises circuitry, such as a data packet filter 414 , that filters received data packets and forwards only a subset of the received data packets.
- a data packet filter specifies one or more properties of the content of a data packet. As a result, a data packet filter will typically require a partial or full packet decode.
- Some exemplary data packet filters include: 1) a filter that only forwards packets associated with a particular phone number, 2) a filter that only forwards packets associated with a particular internet protocol (IP) address, or 3) a filter that only forwards real-time protocol (RTP) packets. Combinations of these and other filters may also be employed.
- the packet forwarding apparatus 300 ( FIGS. 3 & 4 ) is shown to include an optional packet decoder 314 .
- the packet decoder 314 may locate various (or all) of the data fields contained in received data packets.
- the packet decoder 314 is coupled to the data packet receiving interface 302 , the packet decoder 314 (or another packet decoder) could be positioned elsewhere in the packet flow.
- a packet decoder could be included in the circuitry that defines a particular data packet forwarding path 310 , 312 . After a data packet has been partially or fully decoded, the data packet may be forwarded in decoded form, partially decoded form, raw form (un-decoded), or some combination thereof.
- Non-real-time sampled or filtered data packet forwarding paths may operate similarly to real-time sampled or filtered data packet forwarding paths. However, non-real-time forwarding paths may operate on a non-real-time data packet stream, or on a group of data packets spanning a particular time period.
- the data packet receiving interface 302 of the packet forwarding apparatus 300 may be coupled to a physical, network-connectable, data capture probe, such as the data capture probe 102 ( FIG. 1 ).
- the packet forwarding apparatus 300 may be coupled to the data packet capture apparatus 100 in a variety of ways.
- the packet forwarding apparatus 300 may be implemented separately from the data packet capture apparatus 100 .
- the real-time and non-real-time data packet receiving interfaces 400 , 402 shown in FIG. 4 may be respectively coupled to the real-time and non-real-time data packet interfaces 108 , 120 shown in FIG. 1 .
- the data store 112 ( FIG.
- a real-time data packet receiving interface 502 of a packet forwarding apparatus 500 may be coupled to the real-time data packet interface 108 ( FIG. 1 ), and circuitry 504 may provide real-time and non-real-time data packet forwarding paths 506 , 508 between the interface 502 and the interface 304 .
- an additional data store 510 may be implemented or accessed by the packet forwarding apparatus 500 . As shown in FIG.
- the non-real-time data packet forwarding path 508 may first route data packets received at the interface 502 to the data store 510 , and then retrieve some or all of the data packets stored in the data store 510 for forwarding via the interface 304 .
- part or all of the packet forwarding apparatus 300 may be integrated into the data packet capture apparatus 100 .
- real-time and/or non-real-time sampled or filtered data packet forwarding paths 602 , 604 , 606 , 608 may be provided by a data packet capture apparatus 600 .
- non-real-time data packet forwarding paths such as the paths 408 , 410 may forward data that is automatically received at (i.e., pushed to) a non-real-time data packet receiving interface (e.g., the interface 402 ( FIG. 4 )).
- the circuitry 308 of the packet forwarding apparatus 300 may comprise a query interface 700 ( FIG. 7 ), and one or more of the non-real-time data packet forwarding paths 404 , 406 may forward data that is received at a non-real-time interface (e.g., the interface 402 ) in response to queries issued by the query interface 700 .
- the query interface 700 may be operated, directly or indirectly, in response to application requests for particular time periods or groups of data packets. Alternately, the query interface 700 may be operated in response to the processing capability of the packet forwarding apparatus 300 (e.g., the packet forwarding apparatus 300 may request a next group of data packets when it is ready to process it). In yet other embodiments, the query interface 700 may be implemented externally from the packet forwarding apparatus 300 .
- any data packet forwarding path may incorporate structures such as buffers. Buffering enables forwarding paths to i) temporarily store bursts of data packets in a real-time data packet stream, or ii) adapt to differences in processing rates between forwarding paths and downstream consumers or applications.
- Input received via the configuration interface 306 may be used in a variety of ways and for a variety of purposes.
- input received via the configuration interface 306 may be used to configure, or adaptively reconfigure, one or more data packet forwarding paths 310 , 312 .
- “adaptively reconfiguring” means reconfiguring a piece of apparatus while the apparatus 300 is being used.
- the data packet forwarding apparatus 300 may be adaptively reconfigured while data packets are being received by, or output from, the apparatus 300 .
- a data packet forwarding path 404 that comprises a data packet sampling circuit 412 or a data packet filter 414 ( FIG. 4 ).
- input received via the configuration interface 306 may be used to adaptively reconfigure at least one parameter of the data packet sampling circuit 412 or data packet filter 414 .
- an application could adapt a stream of data packets generated at the data packet forwarding interface 304 —in response, for example, to changes in the processing capability of the application; to filling of an application's data store(s); or to anomalies or changes noted in the stream of data packets generated at the data packet forwarding interface 304 .
- a stream of data packets may also be adapted to application user preferences, or in response to a drill-down request.
- input received via the configuration interface 306 may indicate the data packet forwarding path(s) to which a consumer or application would like to register or subscribe.
- input received via a configuration interface may be used to instantiate or decommission one or more data packet forwarding paths. For example, if a new or existing application desires to receive a new or different type of data packet stream, the application can request the instantiation of a new data packet forwarding path. Instantiation of a new data packet forwarding path can be supported, for example, by an FPGA or other type of programmable circuit.
- multiple applications can subscribe to, or receive data packets from, a single data packet forwarding path. It is also envisioned that a single application can register to receive data packets from multiple data packet forwarding paths.
- Input received via the configuration interface 306 may also be used to configure whether a data packet forwarding path forwards raw data packets or decoded data packets (or some combination thereof.
- a data packet forwarding path forwards raw data packets or decoded data packets (or some combination thereof.
- decoded data packets reads on both fully decoded packets and partially decoded data packets.
- FIG. 8 illustrates an exemplary packet forwarding method 800 .
- the method 800 may be implemented using the packet forwarding apparatus shown in any of FIGS. 3-7 .
- the method 800 comprises receiving data packets derived from a physical, network-connectable, data capture probe (at block 802 ). While receiving the data packets, configuration information is also received (at block 804 ). With the configuration information and received data packets, a plurality of data packet forwarding paths is defined at block 806 . Each of the data packet forwarding paths is defined such that it forwards at least some of the received data packets to a respective one of a plurality of data packet outputs. Further, at least two of the data packet forwarding paths are defined to forward data packets at different rates. At block 808 , at least one of the plurality of data packet forwarding paths is adaptively reconfigured in response to the received configuration information.
- the data packet forwarding paths defined by the method 800 may comprise real-time and/or non-real-time data packet forwarding paths.
- the data packet forwarding paths may also comprise sampled, filtered or other types of data packet forwarding paths.
- the adaptive reconfiguration of a data packet forwarding path may comprise any of the types of adaptive reconfiguration previously mentioned, including, for example, adaptive reconfiguration of one or more parameters of a data packet sampling circuit or data packet filter.
- the apparatus and methods disclosed herein are useful in several respects.
- the apparatus and methods can be used to adapt an arbitrary or high speed flow of data packets captured from a network to the flow rate(s), data requirement(s) or purpose(s) of one or more downstream consumers or applications.
- data packet streams may be generated to meet application requirements such as the following: (1) timeliness, which refers to how quickly an application expects data packets to arrive relative to their capture; (2) volume, which refers to the amount of data that must be processed, typically a function of the packet arrival rate; (3) longevity, which refers to how long data packets need to be retained; (4) focus, which refers to the type or breadth of data that is considered meaningful to an application's tasks (such as monitoring or analysis); and (5) completeness, which refers to the quantity or statistical significance of data packets required by an application.
- timeliness which refers to how quickly an application expects data packets to arrive relative to their capture
- volume which refers to the amount of data that must be processed, typically a function of the packet arrival rate
- longevity which refers to how long data packets need to be retained
- focus which refers to the type or breadth of data that is considered meaningful to an application's tasks (such as monitoring or analysis); and (5) completeness, which refers to the quantity or statistical significance of data packets
- the apparatus and methods disclosed herein typically scale better than conventional apparatus and methods for capturing and forwarding data packets. That is, so long as a data capture probe and time-stamping circuit are able to initially capture and time-stamp the data packets passing over a network, a combination of real-time, non-real-time, sampled, filtered and/or other types of data packet forwarding paths—receiving data derived from one or more data capture probes—provides various alternate mechanisms for adapting the content and rate of different data packet streams to the needs of downstream consumers or applications.
- the apparatus and methods disclosed herein can reduce or eliminate the need to acquire new or better data capture and forwarding hardware, which can, in turn, lead to financial savings over the currently available data capture and forwarding technologies.
- the methods and apparatus disclosed herein can also improve system reliability (that is, in contrast to distributed systems that rely on multiple discrete data capture probes or packet forwarders). Combining various of the packet forwarding strategies disclosed herein also reduces the deployment cost and configuration complexity that would otherwise exist when large numbers of discrete devices are required to support the scale of the network and traffic shaping requirements of the applications in use.
- the above-described apparatus and methods for capturing and forwarding data packets may be utilized by an exemplary system 900 that supports the needs of various real-time, non-real-time and query-based applications, such as traffic monitoring and analysis applications.
- the system 900 is scalable in that it is designed to process data packets consumed by real-time, non-real time and query-based (on-demand) applications.
- the system also allows applications to register for multiple data packet feeds, and allows applications to change or configure their data packet feeds.
- the system 900 is “adaptive” in the sense that buffering, processing and storage of captured data packets can be dynamically controlled (through buffering, sampling, filtering, and aging), and dynamic control can be employed according to the needs of real-time and non-real time-applications as well as fluctuations between low and high rates of data packet capture.
- the exemplary system 900 ( FIG. 9 ) comprises a data packet capture apparatus 902 and data store 904 , as described in Section 1 of this Detailed Description.
- the system 900 also comprises a packet forwarding apparatus 906 , as described in Section 2 of this Detailed Description.
- the capture apparatus 902 , forwarding apparatus 906 and data store 904 may be more, or less, integrated with one another.
- processing elements In communication with the packet forwarding apparatus 906 is a number of processing elements which, by way of example, may comprise various data packet processing stacks 908 , 910 , 912 , 914 , an optional hardware assisted processing layer (or layers) 916 , and a data store 918 for selective storage and aging of processed data.
- the processing stacks are shown to comprise a real-time sampled stream processing stack 908 , a real-time filtered stream processing stack 910 , a non-real-time stream processing stack 912 and an on-demand query processing stack 914 .
- more or fewer processing stacks could be provided.
- the exemplary system 900 may further comprise a distributed data access layer 920 for providing access to processed data, and an application and presentation layer 922 . Also provided are one or more indicators 924 that indicate to applications how data packets have been processed, as well as one or more configuration interfaces 926 that enable applications or users to configure (or adaptively reconfigure) various elements of the system 900 .
- the optional hardware assisted processing layer 916 may comprise specialized hardware modules that perform high-speed hardware-assisted processing, such as modules that parse complex protocols, split aggregated streams into their individual streams, or perform measurements that are well-suited for hardware implementation, such as making “peg counts.”
- the hardware modules in this layer may be less complex than typical hardware probes because they need not be concerned with the variety of network interfaces that a typical hardware probe must handle. Those responsibilities can be consolidated in the data packet capture apparatus 902 .
- the hardware modules in the layer 916 may be agnostic to the streaming characteristics of the various data packet streams that it receives or forwards. This makes it very simple to add additional modules, without impacting other parts of the system 900 .
- the data packet processing stacks 908 , 910 , 912 , 914 process data to meet the requirements of various downstream applications (such as monitoring and analysis applications).
- the stacks 908 , 910 , 912 , 914 may be more or fewer in number and may comprise any number of subcomponents that perform a variety of processing and storage functions.
- a real-time call flow generation stack might re-create the “signature” of a call by correlating packets from multiple protocols in real-time as the packets pass through the processing stack.
- a non-real-time stack might take a continuous feed of raw data packets and do business intelligence processing on the data in 24-hour intervals.
- processing stacks 908 , 910 , 912 , 914 shown in FIG. 9 are described below.
- the real-time sampled processing stack 908 may utilize the grouping (or “bucketing”) capability of the data packet capture apparatus 902 to provide a statistically valid real-time sampled flow of data packets. That is, the stack 908 may generate a statistically significant sample of data packets taken from the first portion of each packet group stored in the data store 904 .
- the processing performed by the stack 908 can be made cognizant of the fact that data packets are sampled (e.g., via the indicators 924 ) and may thus provide results suitable for sampled data.
- the real-time filtered stream processing stack 910 may utilize application or user-defined filters to limit the set of data packets processed to those data packets matching the filter.
- the stack 910 may process the data packets passed by the filter in real-time. For example, a filter might be created for a subscriber's phone number, such that all calls associated with the subscriber's phone number will be processed.
- the non-real-time stream processing stack 912 may operate on a stream of data packets that are provided at a rate (or rates) lower than a real-time rate. As long as the average processing rate over the interval during which the processing is being done exceeds the average traffic rate over that same interval (and sufficient data storage space is provided by the data store 904 for intermittent traffic bursts), no data will be lost. While the uses of this processing stack will often operate on all of the data stored in the data store 904 , processing of sampled and filtered data sets is also possible.
- the on-demand (query) processing stack 914 may operate on data that is requested from the data store 904 using one or more query mechanisms.
- the potential uses of this processing stack are broad, ranging from post-capture analysis of all data, to “deep dives” or drill-downs on very focused sets of data.
- processing stacks 908 , 910 , 912 , 914 are de-coupled from the data capture and packet forwarding aspects of the system 900 (or at least can be).
- different components of the system can store, forward or process data at different rates.
- all parts of the system 900 can produce statistically significant results.
- Data reduction will often be one of the processing functions that occurs within the processing stacks 908 , 910 , 912 , 914 .
- the processing stacks may be provided with their own storage 918 wherein the reduced data are stored.
- the data storage and retention needs of the reduced data can be considerably different from application to application.
- the processing stacks 908 , 910 , 912 , 914 can be configured to perform selective storage of processed data, whereby only the data that is required by downstream applications is retained—not necessarily all the data all the time.
- the processing stacks 908 , 910 , 912 , 914 may perform selective aging of processed data, whereby various aging algorithms are employed for different types of data, different parts of the network, and various application uses of the data.
- a particular processing stack might have ultimate responsibility for some set of data in the data store 904 , such that when that stack has completed all of its processing on the data, that data can be flagged for deletion.
- the configuration interfaces 926 may provide a feedback mechanism from the processing stacks 908 , 910 , 912 , 914 to the data store 904 , allowing the processing stacks to indicate that the content of a given data packet group (or groups) has been processed and the structures in which the data packet group are stored are available for reuse.
- the processing stacks 908 , 910 , 912 , 914 and related data stores 904 , 918 can be spread across geographically distributed sites and across multiple servers within the same site.
- a distributed data access layer 920 may therefore provide consolidated access to processed data from the stacks 908 , 910 , 912 , 914 or data store 918 , and may provide indirect access to the data in data store 904 .
- the applications 922 may use the distributed data access layer 920 to obtain data that is presented to application users (which user may in some cases be another application).
- application users which user may in some cases be another application.
- application presentations There are no inherent limitations to the types and forms that application presentations can take.
- an interactive application might provide a web-based user interface.
- a reporting application might produce printed reports on various media.
- Another application might provide a data feed for consumption by yet another application.
- the indicator interface 924 may therefore provide a communication channel between the packet forwarding apparatus 906 and the downstream processing stacks 908 , 910 , 912 , 914 and applications 922 .
- the downstream components 908 , 910 , 912 , 914 , 922 can make appropriate processing decisions and provide relevant indicators to their users.
- the system 900 can be used transparently without downstream applications 922 requiring any modification.
- a configuration interface 926 may be shared among the components of the system 900 for the purpose of setting and retrieving these types of configuration parameters (thereby ensuring consistency within the system 900 ).
- the system 900 is designed for the simultaneous operation of multiple instances of data packet forwarding paths and processing stacks. For example, a Customer Care representative who is assisting a customer might need a dedicated query processing stream to drill-down to the data specific to that customer.
- the system 900 may simultaneously: a) Address real-time needs for reliable and immediate notification of major network traffic problems and management of network operations while also addressing non-real-time needs for complete processing of all data to support reporting for network and service planning and certain customer care applications; b) Scale the system's capabilities at least as fast as the rate of growth of customer traffic while limiting the growth in number of devices used by the system to better (less) than linear growth rates; and c) Maintain all captured data (no dropped data) for customer-defined durations while limiting growth in storage requirements and maintaining acceptable system response times.
Abstract
Description
- It is often desirable to capture the data packets that are carried over a network. Captured data packets may then be, for example: analyzed to determine their presence and correctness; sorted for purposes such as call flow analysis; factored into various statistics; or examined to determine the content or completeness of their payloads.
- Illustrative embodiments of the invention are illustrated in the drawings, in which:
-
FIG. 1 illustrates an exemplary data packet capture apparatus; -
FIG. 2 illustrates an exemplary method for capturing data packets from a network; -
FIG. 3 illustrates an exemplary packet forwarding apparatus that may be coupled to, or included in, a data packet capture apparatus such as the apparatus shown inFIG. 1 ; -
FIG. 4 illustrates exemplary real-time and non-real-time data packet interfaces of the data packet receiving interface shown inFIG. 3 ; -
FIG. 5 illustrates i) a single real-time data packet receiving interface that may be coupled to the real-time data packet forwarding interface shown inFIG. 1 , and ii) an additional data store that may be implemented or accessed by a packet forwarding apparatus; -
FIG. 6 illustrates exemplary real-time and non-real-time data packet forwarding paths, as well as sampled and filtered data packet forwarding paths, of a data packet capture apparatus; -
FIG. 7 illustrates an exemplary packet forwarding apparatus comprising a query interface; -
FIG. 8 illustrates an exemplary packet forwarding method; and -
FIG. 9 illustrates an exemplary system that supports the needs of various real-time, non-real-time and query-based applications, such as traffic monitoring and analysis applications. - Network monitoring is often a component of the applications that Service Providers use to manage i) their networks, and ii) the services provided over their networks. These applications capture data packets from the network and perform various types of processing. For example, signaling monitoring applications capture the signaling packets that are used to setup, control, and terminate phone calls; process those packets to recreate individual calls; and compute various measurements that can be used to determine the performance of the network.
- The growth of Service Provider networks and the introduction of increasingly sophisticated services are greatly increasing the volume of traffic to be monitored. Already, the ability of application developers to keep pace with performance requirements is strained. The problem is compounded because keeping pace (linear improvement) is not sufficient, as common scaling approaches (e.g., adding more processing capability) often result in management systems that are too large to cost-effectively deploy and maintain.
- Often, different applications will need access to the same monitored data. However, the applications can vary in the timeliness, volume, longevity, focus, and completeness of the data they require. For example, a troubleshooting application might need a small amount of recently retrieved, very focused data, so that it can provide an immediate answer. In contrast, a business intelligence application might need volumes of complete data so that it can provide insights into the prior month's network performance. Addressing these varying needs is often accomplished through complex routing of traffic feeds, through various data capture and filtering devices.
- At least some of the apparatus and methods disclosed herein are able to adapt the flow of captured data packets to the processing capabilities of one or more applications, thereby enabling the applications to scale at a better-than-linear rate with respect to growth in network traffic.
- For purposes of this description, a “data packet” is defined as any sort of packetized information carried over a network. The packetized information may include, for example, multimedia, voice, data or control information.
-
FIG. 1 illustrates an exemplary datapacket capture apparatus 100. As shown, theapparatus 100 comprises a physical, network-connectabledata capture probe 102. Theapparatus 100 also comprises a time-stamping circuit 104 that is configured to time-stamp the data packets that are captured via thedata capture probe 102. In some cases, the time-stamping circuit 104 may comprise anarrival gate 124 and aclock 126. At thearrival gate 124, times may be retrieved from theclock 126 and associated with captured data packets as time-of-capture time-stamps. In some embodiment, aninterface 130 may be provided for synchronizing the clock's time with a system time. - The
apparatus 100 further comprises 1) a real-timepacket forwarding circuit 106 that is configured to stream data packets captured via thedata capture probe 102 to a real-timedata packet interface 108, and 2) a real-timepacket storing circuit 110 that operates in parallel with the real-timepacket forwarding circuit 106. Acommunication bus 128, data tee or other mechanism provides captured data packets to thecircuits probes 102 could be connected to thecommunication bus 128 and provide data packets to each of the real-timepacket forwarding circuit 106 and the real-timepacket storing circuit 110. - The real-time
packet forwarding circuit 106 is configured to forward data packets to the real-timedata packet interface 108 as soon as possible, while the real-timepacket storing circuit 110 is configured to store the data packets captured via thedata capture probe 102 in adata store 112. Data packets are stored in thedata store 112 in association with their time-of-capture time-stamps. Preferably, all captured data packets are stored in thedata store 112. However, in some cases, a sampled or filtered set of data packets may be stored in thedata store 112. - Depending on its configuration, the data
packet capture apparatus 100 can provide various advantages over conventional data packet capture probes. For example, many applications provide their most useful or complete analyses of network traffic when they are able to review and process all of the data packets that pass over a network. However, the rate at which data propagates over a network, or the burstiness of some data, can sometimes overwhelm the processing capability of an application. In the past, applications have dealt with this issue by simply dropping certain data packets, e.g., by dropping m out of every n data packets received, or by dropping data packets whenever the application's receive buffer(s) reach capacity. The datapacket capture apparatus 100 alleviates this issue by not only forwarding data packets in real-time, but by storing them for non-real-time access. In this manner, an application that knows or presumes it is dropping packets can obtain the dropped packets from thedata store 112. - In some cases, an application may intentionally and routinely drop certain data packets. Such may be the case with an application that provides a high-level snapshot of network traffic. In these cases, an application can sample or filter the real-time data packet stream generated at the real-time
data packet interface 108, and upon identifying an anomaly (or upon receiving a drill-down request from a user), the application may obtain a more granular data packet stream (or simply all data packets in a particular timeframe) from thedata store 112. - The data
packet capture apparatus 100 can also be useful in that it stores data packets in association with their time-stamps. In this manner, an application that obtains a data packet from thedata store 112 can determine the temporal context of the data packet—even though the data packet was not forwarded to the application in real-time. - Depending on how the data
packet capture apparatus 100 is configured, the real-timepacket forwarding circuit 106 may forward data packets with or without their associated time-stamps. If the time-stamping circuit 104 is removed from the path between thedata capture probe 102 and the real-timepacket forwarding circuit 106, the speed at which data packets are forwarded via the real-timepacket forwarding circuit 106 may be increased. However, if data packets are time-stamped upon capture, and then forwarded along with their associated time-stamps via the real-timepacket forwarding circuit 106, downstream applications can construct more accurate analyses of the traffic appearing on a network. - In a simple embodiment, the real-time
packet forwarding circuit 106 may consist of a wire or data transmission path. In other embodiments, the real-timepacket forwarding circuit 106 may comprise other structures, such as a buffer that enables thecircuit 106 to temporarily store bursts of data packets. For purposes of this description, “real-time” packet forwarding is understood to be packet forwarding that is accomplished as soon as possible, possibly with temporary buffering of data packets for seconds or fractions of a second, but without moving data packets to a longer term data store (e.g., for minutes or hours). - The real-time packet storing
circuit 110 may store data packets in thedata store 112 in various ways. In some embodiments, the real-timepacket storing circuit 110 may simply store each data packet in association with its time-stamp. In other embodiments, the real-time packet storingcircuit 110 may associate stored data packets in different groups (i.e., “buckets”). In some cases, the different groups may correspond to different time periods in which data packets are received. For example, time may be broken into consecutive N-second periods, and the data packets received in different N-second periods may be associated in different groups. In other cases, the different groups may correspond to volumes of captured data packets. For example, a new packet group may be formed following the receipt of every M packets. - For ease or speed of access, the different groups of data packets stored in the
data store 112 may be stored in different physical orlogical structures data store 112. Or, for example, first and second consecutively captured groups of data packets may be stored in respective first and second tables or files in thedata store 112. - By way of example, the
data store 112 may comprise one or more disks or servers, or a storage area network (SAN). However, there is no inherent limitation on the type or size of data store used (beyond any existing size limitation of the type of data storage technology used). Also, the storage of data packets in groups (or “buckets”) is not intended as a replacement for disk configurations such as RAID (redundant array of inexpensive disks) configurations. Rather, the storage of data packets in groups is intended to be compatible with data reliability solutions that might be employed (such as RAID). - In some embodiments, the data
packet capture apparatus 100 may further comprise a non-real-time packet interface 120. Alternately, thedata store 112 or another element (not shown) may provide an interface to thedata store 112. In some cases, the real-timepacket storing circuit 110 may set or provide an indicator when all of the data packets of a group have been written to thedata store 112. A non-real-time packet interface, such as theinterface 120, may then provide read access to a particular group of data packets after all of the data packets in the particular group have been stored in thedata store 112. In this manner, faster access may be provided to different groups of data, while also maintaining the integrity of thedata store 112 and any non-real-time stream(s) or data derived therefrom. - In some cases, the non-real-
time packet interface 120 may provide a stream of data packets at a rate that differs from the rate of data packets forwarded via the real-timedata packet interface 108. In other cases, the non-real-time packet interface 120 may provide data packets, or particular groups of data packets, in response to application queries. - The data
packet capture apparatus 100 may also comprise aconfiguration interface 122. Theconfiguration interface 122 enables an application or user to configure or control one or more parameters of the datapacket capture apparatus 100. For example, in some embodiments, input (e.g., configuration information) may be received via theconfiguration interface 122; and in response to this input, the real-timepacket storing circuit 110 may configure, or adaptively reconfigure, at least one parameter of the different groups of data packets stored in thedata store 112. In some cases, the at least one parameter may comprise a time period covered by each group (e.g., N seconds). In other cases, the at least one parameter may comprise a data packet volume (e.g., M data packets). In still other cases, the at least one parameter may comprise the number of the data packet groups, the format of the data packet groups, or a time indicating how long the data in each group should be maintained before being overwritten. Other parameters may also be configured or adaptively reconfigured. - In some embodiments, the
configuration interface 122 may be used to configure the datapacket capture apparatus 100 upon power-up or between data packet capture. In the same or different embodiments, theconfiguration interface 122 can be used to configure the datapacket capture apparatus 100 while data packets are being captured by the datapacket capture apparatus 100. For example, configuration information could be received via theconfiguration interface 122 during data packet capture, and in response to this information, the real-timepacket storing circuit 110 could adaptively reconfigure a parameter of the data packet groups stored in thedata store 112. - The data
packet capture apparatus 100 may be implemented using various technologies, including printed circuit board, integrated circuit, and/or other technologies. In some embodiments, some or all of the circuits of the datapacket capture apparatus 100 may be implemented, at least in part, using a field-programmable gate array (FPGA) or microprocessor. -
FIG. 2 illustrates anexemplary method 200 for capturing data packets from a network. In some cases, themethod 200 may be implemented using the data packet capture apparatus 100 (FIG. 1 ). Themethod 200 comprises capturing the data packets at a physical, network-connectable data capture probe (at block 202). As the data packets are captured, the data packets are time-stamped with time-of-capture time-stamps (at block 204). In parallel, the time-stamped data packets are a) stored (at block 206), and b) forwarded to at least one consumer in real-time (at block 208). - In some embodiments, storing the time-stamped data packets may comprise storing the time-stamped data packets in different groups, such as groups corresponding to different time periods or groups defined in response to volumes of data packets captured. When data packets are stored in different groups, consumer access to a particular group of stored data packets may be provided only after all of the data packets in the particular group have been stored (e.g., on a group-by-group basis). This eliminates read/write conflicts, yet provides access to certain data packets while other data packets are being received.
- In some cases, stored data packets may be automatically streamed from a data store, but at a different rate than data packets forwarded in real-time. In other cases, stored data packets may be retrieved: on a query basis, based on their associated time-stamps, or based on the time-stamp ranges of the groups in which the data packets are stored. In any case, a process (e.g., a consumer or application) that retrieves the data packets from the data store may provide indications that the data packets of particular groups have been read and can be overwritten. Alternately, and by way of example, groups of data packets can be flagged for overwrite after a predetermined period of time.
- The above-described apparatus and methods are useful in many contexts in which data packets passing over a network need to be monitored or analyzed. However, the apparatus and methods are particularly useful when data packets need to be monitored in high-speed or bursty networks, such as networks that carry voice traffic and other streaming media.
- The consumers or applications that receive or retrieve data packets from the data packet capture apparatus 100 (or via the method 200) may take various forms, including those of: network or service monitoring or analysis tools; or real-time or non-real-time applications. Consumers or applications may be hardware or software-based, or may comprise a combination thereof. In some cases, consumers and applications may comprise structures, processes or components that sample, filter, decode or condition the data packets that are forwarded to (or retrieved by) other consumers or applications. To a large extent, the terms “consumer” and “application” are interchangeable.
- The apparatus and methods disclosed herein my be considered “smart” in that they can provide a consumer or application with all of the data packets appearing on a network, and can often do so at a rate or time that is adaptable to the needs of particular consumers or applications (including multiple consumers or applications). In some cases, and as previously described, the apparatus and methods disclosed herein can implement a configuration interface or function. In this manner, the packet rate of a non-real-time stream can be adapted to the need (or changing need) of a particular consumer or application.
- Another advantage of the apparatus and methods disclosed herein is that they scale well. That is, as the speed or volume of traffic on a network increases, a consumer or application may adaptively choose whether it receives a real-time or non-real-time stream of data packets; or, a consumer or application may query the
data store 112 for data packets that it dropped. Also, if a consumer or application intentionally drops data packets, it or its user can later retrieve a more granular data packet view (or all data packets in a particular time period) for purposes such as: a drill-down analysis, a determination of the cause of an anomaly or trend, or a call trace. - Although additional structures and functionality can be integrated into the data packet capture apparatus 100 (
FIG. 1 ), it is noted that its basic time-stamp, store and forward circuits can typically be implemented at relatively little cost. - In some embodiments, the data packets provided by the real-time and non-real-
time interfaces FIG. 3 illustrates an exemplarypacket forwarding apparatus 300 that may be coupled to, or included in, a data packet capture apparatus such as theapparatus 100. - The exemplary
packet forwarding apparatus 300 comprises a datapacket receiving interface 302, a datapacket forwarding interface 304, and aconfiguration interface 306. The datapacket receiving interface 302 may comprise a plurality of inputs, and the datapacket forwarding interface 304 may comprise a plurality of outputs. Theapparatus 300 also comprisescircuitry 308 that defines a plurality of data packet forwarding paths (i.e., two ormore paths 310, 312) between the datapacket receiving interface 302 and the datapacket forwarding interface 304. Thecircuitry 308 defines at least one of the plurality of data packet forwarding paths (and may define all of the data packet forwarding paths) in response to input (e.g., configuration information) received via theconfiguration interface 306. In some embodiments, some or all of the circuitry of thepacket forwarding apparatus 300 may be implemented, at least in part, using a field-programmable gate array (FPGA) or microprocessor. - Also in some embodiments, and as shown in
FIG. 4 , the datapacket receiving interface 302 may comprise a real-time datapacket receiving interface 400 and a non-real-time datapacket receiving interface 402. In these embodiments, thecircuitry 308 may define one or more real-time data packet forwarding paths, such aspaths paths packet forwarding paths packet receiving interface 400. However, the non-real-time datapacket forwarding paths packet receiving interface 402 or the real-time datapacket receiving interface 400. - The real-time data packet forwarding path or
paths paths - For purposes of this description, a “real-time sampled data packet forwarding path” comprises circuitry, such as a data sampling circuit 412 (
FIG. 4 ), that samples received data packets and forwards only a subset of the received data packets. In some embodiments, the set of forwarded data packets may comprise every n-th data packet received, or n packets per a given time period. In other embodiments, more complex sampling algorithms, including pseudo-random sampling, may be employed. In some cases, the sampled data may be selected so that it is statistically significant. For example, the fixed or average sampling frequency may be configured such that the sample rate is correlated to the time periods for which data packets are stored in the data store 112 (FIG. 1 ). A real-time sampled data packet forwarding path can be useful when data packets are captured by adata capture probe 102 at a rate that exceeds the processing capacity of a downstream application. - A “real-time filtered data packet forwarding path” comprises circuitry, such as a
data packet filter 414, that filters received data packets and forwards only a subset of the received data packets. A data packet filter specifies one or more properties of the content of a data packet. As a result, a data packet filter will typically require a partial or full packet decode. Some exemplary data packet filters include: 1) a filter that only forwards packets associated with a particular phone number, 2) a filter that only forwards packets associated with a particular internet protocol (IP) address, or 3) a filter that only forwards real-time protocol (RTP) packets. Combinations of these and other filters may also be employed. - Because a filtered data packet forwarding path typically needs to parse decoded packet information, the packet forwarding apparatus 300 (
FIGS. 3 & 4 ) is shown to include anoptional packet decoder 314. Thepacket decoder 314 may locate various (or all) of the data fields contained in received data packets. Although thepacket decoder 314 is coupled to the datapacket receiving interface 302, the packet decoder 314 (or another packet decoder) could be positioned elsewhere in the packet flow. For example, in some cases, a packet decoder could be included in the circuitry that defines a particular datapacket forwarding path - Non-real-time sampled or filtered data packet forwarding paths may operate similarly to real-time sampled or filtered data packet forwarding paths. However, non-real-time forwarding paths may operate on a non-real-time data packet stream, or on a group of data packets spanning a particular time period.
- In some embodiments, the data
packet receiving interface 302 of thepacket forwarding apparatus 300 may be coupled to a physical, network-connectable, data capture probe, such as the data capture probe 102 (FIG. 1 ). In these embodiments, thepacket forwarding apparatus 300 may be coupled to the datapacket capture apparatus 100 in a variety of ways. For example, in some cases, thepacket forwarding apparatus 300 may be implemented separately from the datapacket capture apparatus 100. In these cases, the real-time and non-real-time datapacket receiving interfaces FIG. 4 may be respectively coupled to the real-time and non-real-time data packet interfaces 108, 120 shown inFIG. 1 . The data store 112 (FIG. 1 ) may therefore provide some or all of the storage or caching requirements of a non-real-time data packetforward path packet receiving interface 502 of a packet forwarding apparatus 500 (FIG. 5 ) may be coupled to the real-time data packet interface 108 (FIG. 1 ), andcircuitry 504 may provide real-time and non-real-time datapacket forwarding paths interface 502 and theinterface 304. In this embodiment, anadditional data store 510 may be implemented or accessed by thepacket forwarding apparatus 500. As shown inFIG. 5 , the non-real-time datapacket forwarding path 508 may first route data packets received at theinterface 502 to thedata store 510, and then retrieve some or all of the data packets stored in thedata store 510 for forwarding via theinterface 304. - In other embodiments, part or all of the
packet forwarding apparatus 300 may be integrated into the datapacket capture apparatus 100. For example, and as shown inFIG. 6 , real-time and/or non-real-time sampled or filtered datapacket forwarding paths packet capture apparatus 600. - In any of the above embodiments, non-real-time data packet forwarding paths such as the
paths FIG. 4 )). Alternately, thecircuitry 308 of thepacket forwarding apparatus 300 may comprise a query interface 700 (FIG. 7 ), and one or more of the non-real-time datapacket forwarding paths query interface 700. Thequery interface 700 may be operated, directly or indirectly, in response to application requests for particular time periods or groups of data packets. Alternately, thequery interface 700 may be operated in response to the processing capability of the packet forwarding apparatus 300 (e.g., thepacket forwarding apparatus 300 may request a next group of data packets when it is ready to process it). In yet other embodiments, thequery interface 700 may be implemented externally from thepacket forwarding apparatus 300. - In addition to non-real-time data packet forwarding paths relying on a data store 112 (
FIG. 1 ) or 504 (FIG. 5 ), any data packet forwarding path, whether real-time or non-real-time, may incorporate structures such as buffers. Buffering enables forwarding paths to i) temporarily store bursts of data packets in a real-time data packet stream, or ii) adapt to differences in processing rates between forwarding paths and downstream consumers or applications. - Exemplary implementations and uses of the configuration interface 306 (as shown in
FIGS. 3-7 ) will now be discussed. - Input received via the
configuration interface 306 may be used in a variety of ways and for a variety of purposes. For example, input received via theconfiguration interface 306 may be used to configure, or adaptively reconfigure, one or more datapacket forwarding paths apparatus 300 is being used. Thus, for example, the datapacket forwarding apparatus 300 may be adaptively reconfigured while data packets are being received by, or output from, theapparatus 300. - Consider, for example, a data
packet forwarding path 404 that comprises a datapacket sampling circuit 412 or a data packet filter 414 (FIG. 4 ). In such cases, input received via theconfiguration interface 306 may be used to adaptively reconfigure at least one parameter of the datapacket sampling circuit 412 ordata packet filter 414. In this manner, an application could adapt a stream of data packets generated at the datapacket forwarding interface 304—in response, for example, to changes in the processing capability of the application; to filling of an application's data store(s); or to anomalies or changes noted in the stream of data packets generated at the datapacket forwarding interface 304. A stream of data packets may also be adapted to application user preferences, or in response to a drill-down request. - In addition to (or instead of) using input received via the
configuration interface 306 to configure or reconfigure a data packet forwarding path, input received via theconfiguration interface 306 may indicate the data packet forwarding path(s) to which a consumer or application would like to register or subscribe. Or, input received via a configuration interface may be used to instantiate or decommission one or more data packet forwarding paths. For example, if a new or existing application desires to receive a new or different type of data packet stream, the application can request the instantiation of a new data packet forwarding path. Instantiation of a new data packet forwarding path can be supported, for example, by an FPGA or other type of programmable circuit. Of note, it is envisioned that multiple applications can subscribe to, or receive data packets from, a single data packet forwarding path. It is also envisioned that a single application can register to receive data packets from multiple data packet forwarding paths. - Input received via the
configuration interface 306 may also be used to configure whether a data packet forwarding path forwards raw data packets or decoded data packets (or some combination thereof. For purposes of this description the phrase “decoded data packets” reads on both fully decoded packets and partially decoded data packets. -
FIG. 8 illustrates an exemplarypacket forwarding method 800. In some cases, themethod 800 may be implemented using the packet forwarding apparatus shown in any ofFIGS. 3-7 . Themethod 800 comprises receiving data packets derived from a physical, network-connectable, data capture probe (at block 802). While receiving the data packets, configuration information is also received (at block 804). With the configuration information and received data packets, a plurality of data packet forwarding paths is defined atblock 806. Each of the data packet forwarding paths is defined such that it forwards at least some of the received data packets to a respective one of a plurality of data packet outputs. Further, at least two of the data packet forwarding paths are defined to forward data packets at different rates. Atblock 808, at least one of the plurality of data packet forwarding paths is adaptively reconfigured in response to the received configuration information. - The data packet forwarding paths defined by the
method 800 may comprise real-time and/or non-real-time data packet forwarding paths. The data packet forwarding paths may also comprise sampled, filtered or other types of data packet forwarding paths. The adaptive reconfiguration of a data packet forwarding path may comprise any of the types of adaptive reconfiguration previously mentioned, including, for example, adaptive reconfiguration of one or more parameters of a data packet sampling circuit or data packet filter. - The apparatus and methods disclosed herein are useful in several respects. For example, the apparatus and methods can be used to adapt an arbitrary or high speed flow of data packets captured from a network to the flow rate(s), data requirement(s) or purpose(s) of one or more downstream consumers or applications.
- Via real-time, non-real-time, sampled, filtered or other types of data packet forwarding paths, data packet streams may be generated to meet application requirements such as the following: (1) timeliness, which refers to how quickly an application expects data packets to arrive relative to their capture; (2) volume, which refers to the amount of data that must be processed, typically a function of the packet arrival rate; (3) longevity, which refers to how long data packets need to be retained; (4) focus, which refers to the type or breadth of data that is considered meaningful to an application's tasks (such as monitoring or analysis); and (5) completeness, which refers to the quantity or statistical significance of data packets required by an application. For an example of varying degrees of “focus”, consider 1) the troubleshooting of an individual phone call, which troubleshooting may require very focused data (e.g., data pertaining to a particular call) versus 2) the presentation of a “dashboard” summary of network performance, which summary may require much less focused data.
- The apparatus and methods disclosed herein typically scale better than conventional apparatus and methods for capturing and forwarding data packets. That is, so long as a data capture probe and time-stamping circuit are able to initially capture and time-stamp the data packets passing over a network, a combination of real-time, non-real-time, sampled, filtered and/or other types of data packet forwarding paths—receiving data derived from one or more data capture probes—provides various alternate mechanisms for adapting the content and rate of different data packet streams to the needs of downstream consumers or applications. If the flow of data packets over a network increases, or is bursty, consumers or applications that lack the processing capability to adapt can subscribe to or instantiate data packet forwarding paths that 1) forward data packets at different rates, or 2) forward only selected data packets. Also, when conditions dictate, a consumer or application can rely more heavily on a non-real-time data packet forwarding path. Thus, the apparatus and methods disclosed herein can reduce or eliminate the need to acquire new or better data capture and forwarding hardware, which can, in turn, lead to financial savings over the currently available data capture and forwarding technologies.
- By providing multiple data packet forwarding paths based on a common collection of captured data packets, the methods and apparatus disclosed herein can also improve system reliability (that is, in contrast to distributed systems that rely on multiple discrete data capture probes or packet forwarders). Combining various of the packet forwarding strategies disclosed herein also reduces the deployment cost and configuration complexity that would otherwise exist when large numbers of discrete devices are required to support the scale of the network and traffic shaping requirements of the applications in use.
- As shown in
FIG. 9 , the above-described apparatus and methods for capturing and forwarding data packets may be utilized by anexemplary system 900 that supports the needs of various real-time, non-real-time and query-based applications, such as traffic monitoring and analysis applications. - The
system 900 is scalable in that it is designed to process data packets consumed by real-time, non-real time and query-based (on-demand) applications. The system also allows applications to register for multiple data packet feeds, and allows applications to change or configure their data packet feeds. - The
system 900 is “adaptive” in the sense that buffering, processing and storage of captured data packets can be dynamically controlled (through buffering, sampling, filtering, and aging), and dynamic control can be employed according to the needs of real-time and non-real time-applications as well as fluctuations between low and high rates of data packet capture. - The exemplary system 900 (
FIG. 9 ) comprises a data packet capture apparatus 902 anddata store 904, as described in Section 1 of this Detailed Description. Thesystem 900 also comprises a packet forwarding apparatus 906, as described in Section 2 of this Detailed Description. As described in Sections 1 and 2, the capture apparatus 902, forwarding apparatus 906 anddata store 904 may be more, or less, integrated with one another. - In communication with the packet forwarding apparatus 906 is a number of processing elements which, by way of example, may comprise various data packet processing stacks 908, 910, 912, 914, an optional hardware assisted processing layer (or layers) 916, and a
data store 918 for selective storage and aging of processed data. By way of example, the processing stacks are shown to comprise a real-time sampledstream processing stack 908, a real-time filteredstream processing stack 910, a non-real-timestream processing stack 912 and an on-demandquery processing stack 914. However, in different configurations of thesystem 900, more or fewer processing stacks could be provided. - The
exemplary system 900 may further comprise a distributeddata access layer 920 for providing access to processed data, and an application andpresentation layer 922. Also provided are one ormore indicators 924 that indicate to applications how data packets have been processed, as well as one ormore configuration interfaces 926 that enable applications or users to configure (or adaptively reconfigure) various elements of thesystem 900. - Exemplary implementations of system elements other than the data packet capture apparatus 902, the
data store 904, and the packet forwarding apparatus 906 will now be described. - The optional hardware assisted
processing layer 916 may comprise specialized hardware modules that perform high-speed hardware-assisted processing, such as modules that parse complex protocols, split aggregated streams into their individual streams, or perform measurements that are well-suited for hardware implementation, such as making “peg counts.” The hardware modules in this layer may be less complex than typical hardware probes because they need not be concerned with the variety of network interfaces that a typical hardware probe must handle. Those responsibilities can be consolidated in the data packet capture apparatus 902. The hardware modules in thelayer 916 may be agnostic to the streaming characteristics of the various data packet streams that it receives or forwards. This makes it very simple to add additional modules, without impacting other parts of thesystem 900. - The data packet processing stacks 908, 910, 912, 914 process data to meet the requirements of various downstream applications (such as monitoring and analysis applications). The
stacks - Exemplary implementations of the processing stacks 908, 910, 912, 914 shown in
FIG. 9 are described below. - The real-time sampled
processing stack 908 may utilize the grouping (or “bucketing”) capability of the data packet capture apparatus 902 to provide a statistically valid real-time sampled flow of data packets. That is, thestack 908 may generate a statistically significant sample of data packets taken from the first portion of each packet group stored in thedata store 904. The processing performed by thestack 908 can be made cognizant of the fact that data packets are sampled (e.g., via the indicators 924) and may thus provide results suitable for sampled data. - The real-time filtered
stream processing stack 910 may utilize application or user-defined filters to limit the set of data packets processed to those data packets matching the filter. Thestack 910 may process the data packets passed by the filter in real-time. For example, a filter might be created for a subscriber's phone number, such that all calls associated with the subscriber's phone number will be processed. - The non-real-time
stream processing stack 912 may operate on a stream of data packets that are provided at a rate (or rates) lower than a real-time rate. As long as the average processing rate over the interval during which the processing is being done exceeds the average traffic rate over that same interval (and sufficient data storage space is provided by thedata store 904 for intermittent traffic bursts), no data will be lost. While the uses of this processing stack will often operate on all of the data stored in thedata store 904, processing of sampled and filtered data sets is also possible. - The on-demand (query)
processing stack 914 may operate on data that is requested from thedata store 904 using one or more query mechanisms. The potential uses of this processing stack are broad, ranging from post-capture analysis of all data, to “deep dives” or drill-downs on very focused sets of data. - Of note, the processing stacks 908, 910, 912, 914 are de-coupled from the data capture and packet forwarding aspects of the system 900 (or at least can be). Thus, different components of the system can store, forward or process data at different rates. Yet, because of the time-stamping of captured data packets, all parts of the
system 900 can produce statistically significant results. - There are no inherent restrictions on the data output interfaces of the
various processing stacks - Data reduction will often be one of the processing functions that occurs within the processing stacks 908, 910, 912, 914. As a result, the processing stacks may be provided with their
own storage 918 wherein the reduced data are stored. The data storage and retention needs of the reduced data can be considerably different from application to application. In some cases, the processing stacks 908, 910, 912, 914 can be configured to perform selective storage of processed data, whereby only the data that is required by downstream applications is retained—not necessarily all the data all the time. Correspondingly, the processing stacks 908, 910, 912, 914 may perform selective aging of processed data, whereby various aging algorithms are employed for different types of data, different parts of the network, and various application uses of the data. - In some cases, a particular processing stack might have ultimate responsibility for some set of data in the
data store 904, such that when that stack has completed all of its processing on the data, that data can be flagged for deletion. The configuration interfaces 926 may provide a feedback mechanism from the processing stacks 908, 910, 912, 914 to thedata store 904, allowing the processing stacks to indicate that the content of a given data packet group (or groups) has been processed and the structures in which the data packet group are stored are available for reuse. - In some cases, the processing stacks 908, 910, 912, 914 and
related data stores data access layer 920 may therefore provide consolidated access to processed data from thestacks data store 918, and may provide indirect access to the data indata store 904. - The
applications 922 may use the distributeddata access layer 920 to obtain data that is presented to application users (which user may in some cases be another application). There are no inherent limitations to the types and forms that application presentations can take. For example, an interactive application might provide a web-based user interface. A reporting application might produce printed reports on various media. Another application might provide a data feed for consumption by yet another application. - Applications that operate on sampled data often need to provide indicators (such as visual cues) that results were produced on a subset of captured data instead of all of the data. The
indicator interface 924 may therefore provide a communication channel between the packet forwarding apparatus 906 and the downstream processing stacks 908, 910, 912, 914 andapplications 922. As a result of these indicators, thedownstream components application 922 is indifferent to whether or not data is sampled, thesystem 900 can be used transparently withoutdownstream applications 922 requiring any modification. - It will often be useful for various components of the
system 900 to share configuration parameters so that they can operate in synchronization with each other. For example, if the “bucketing” interval used in thedata store 904 is thirty seconds, a real-time data packet forwarding path (or circuit) should operate on the same interval. Likewise, the downstream processing stacks 908, 910 andapplications 922 may need to know the interval in the event they need to drill-down to data packets stored in thedata store 904. As a result, aconfiguration interface 926 may be shared among the components of thesystem 900 for the purpose of setting and retrieving these types of configuration parameters (thereby ensuring consistency within the system 900). - The
system 900 is designed for the simultaneous operation of multiple instances of data packet forwarding paths and processing stacks. For example, a Customer Care representative who is assisting a customer might need a dedicated query processing stream to drill-down to the data specific to that customer. - In some embodiments, the
system 900 may simultaneously: a) Address real-time needs for reliable and immediate notification of major network traffic problems and management of network operations while also addressing non-real-time needs for complete processing of all data to support reporting for network and service planning and certain customer care applications; b) Scale the system's capabilities at least as fast as the rate of growth of customer traffic while limiting the growth in number of devices used by the system to better (less) than linear growth rates; and c) Maintain all captured data (no dropped data) for customer-defined durations while limiting growth in storage requirements and maintaining acceptable system response times.
Claims (19)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/533,957 US9270542B2 (en) | 2009-07-31 | 2009-07-31 | Apparatus and methods for forwarding data packets captured from a network |
US15/012,801 US10616098B2 (en) | 2009-07-31 | 2016-02-01 | Apparatus and methods for forwarding data packets captured from a network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/533,957 US9270542B2 (en) | 2009-07-31 | 2009-07-31 | Apparatus and methods for forwarding data packets captured from a network |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/012,801 Continuation US10616098B2 (en) | 2009-07-31 | 2016-02-01 | Apparatus and methods for forwarding data packets captured from a network |
Publications (2)
Publication Number | Publication Date |
---|---|
US20110026521A1 true US20110026521A1 (en) | 2011-02-03 |
US9270542B2 US9270542B2 (en) | 2016-02-23 |
Family
ID=43526933
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/533,957 Active 2029-11-19 US9270542B2 (en) | 2009-07-31 | 2009-07-31 | Apparatus and methods for forwarding data packets captured from a network |
US15/012,801 Active 2030-06-25 US10616098B2 (en) | 2009-07-31 | 2016-02-01 | Apparatus and methods for forwarding data packets captured from a network |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/012,801 Active 2030-06-25 US10616098B2 (en) | 2009-07-31 | 2016-02-01 | Apparatus and methods for forwarding data packets captured from a network |
Country Status (1)
Country | Link |
---|---|
US (2) | US9270542B2 (en) |
Cited By (72)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090138577A1 (en) * | 2007-09-26 | 2009-05-28 | Nicira Networks | Network operating system for managing and securing networks |
US20100257263A1 (en) * | 2009-04-01 | 2010-10-07 | Nicira Networks, Inc. | Method and apparatus for implementing and managing virtual switches |
US20110026406A1 (en) * | 2009-07-31 | 2011-02-03 | Gamage Nimal K K | Apparatus and methods for capturing data packets from a network |
US20110103237A1 (en) * | 2009-10-29 | 2011-05-05 | Fluke Corporation | Method and apparatus for the efficient indexing and storage of network traffic |
WO2013063332A1 (en) * | 2011-10-25 | 2013-05-02 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
US20130311609A1 (en) * | 2011-01-28 | 2013-11-21 | Napatech A/S | An apparatus and a method for receiving and forwarding data packets |
US8717895B2 (en) | 2010-07-06 | 2014-05-06 | Nicira, Inc. | Network virtualization apparatus and method with a table mapping engine |
US8964528B2 (en) | 2010-07-06 | 2015-02-24 | Nicira, Inc. | Method and apparatus for robust packet distribution among hierarchical managed switching elements |
US9043452B2 (en) | 2011-05-04 | 2015-05-26 | Nicira, Inc. | Network control apparatus and method for port isolation |
US9137107B2 (en) | 2011-10-25 | 2015-09-15 | Nicira, Inc. | Physical controllers for converting universal flows |
US9154433B2 (en) | 2011-10-25 | 2015-10-06 | Nicira, Inc. | Physical controller |
US9203701B2 (en) | 2011-10-25 | 2015-12-01 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
US9288104B2 (en) | 2011-10-25 | 2016-03-15 | Nicira, Inc. | Chassis controllers for converting universal flows |
US20160127180A1 (en) * | 2014-10-30 | 2016-05-05 | Splunk Inc. | Streamlining configuration of protocol-based network data capture by remote capture agents |
US9350696B2 (en) | 2011-08-17 | 2016-05-24 | Nicira, Inc. | Handling NAT in logical L3 routing |
US9444651B2 (en) | 2011-08-17 | 2016-09-13 | Nicira, Inc. | Flow generation from second level controller to first level controller to managed switching element |
US9455901B2 (en) | 2013-10-04 | 2016-09-27 | Nicira, Inc. | Managing software and hardware forwarding elements to define virtual networks |
US9525647B2 (en) | 2010-07-06 | 2016-12-20 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9571296B2 (en) | 2014-04-30 | 2017-02-14 | Ixia | Methods and apparatuses for abstracting filters in a network visibility infrastructure |
JP2017046270A (en) * | 2015-08-28 | 2017-03-02 | 株式会社Ihi | Relay server, relay method and relay program |
US9596253B2 (en) | 2014-10-30 | 2017-03-14 | Splunk Inc. | Capture triggers for capturing network data |
US9621468B1 (en) * | 2014-12-05 | 2017-04-11 | Amazon Technologies, Inc. | Packet transmission scheduler |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US9762443B2 (en) | 2014-04-15 | 2017-09-12 | Splunk Inc. | Transformation of network data at remote capture agents |
US9806968B2 (en) | 2010-04-23 | 2017-10-31 | Ixia | Integrated network data collection arrangement and methods thereof |
US9838512B2 (en) | 2014-10-30 | 2017-12-05 | Splunk Inc. | Protocol-based capture of network data using remote capture agents |
US20180074967A1 (en) * | 2016-09-09 | 2018-03-15 | Sap Se | Paging Mechanism for In-Memory Data Management System |
US20180074970A1 (en) * | 2016-09-09 | 2018-03-15 | Sap Se | Cache-Efficient Fragmentation of Data Structures |
US9923760B2 (en) | 2015-04-06 | 2018-03-20 | Nicira, Inc. | Reduction of churn in a network control system |
US9923767B2 (en) | 2014-04-15 | 2018-03-20 | Splunk Inc. | Dynamic configuration of remote capture agents for network data capture |
US9967150B2 (en) | 2014-04-30 | 2018-05-08 | Keysight Technologies Singapore (Holdings) Pte. Ltd. | Methods and apparatuses for implementing network visibility infrastructure |
US9979739B2 (en) | 2013-01-16 | 2018-05-22 | Palo Alto Networks (Israel Analytics) Ltd. | Automated forensics of computer systems using behavioral intelligence |
US9998324B2 (en) | 2015-09-30 | 2018-06-12 | Nicira, Inc. | Logical L3 processing for L2 hardware switches |
US10033579B2 (en) | 2012-04-18 | 2018-07-24 | Nicira, Inc. | Using transactions to compute and propagate network forwarding state |
US10089127B2 (en) | 2011-11-15 | 2018-10-02 | Nicira, Inc. | Control plane interface for logical middlebox services |
US10103939B2 (en) | 2010-07-06 | 2018-10-16 | Nicira, Inc. | Network control apparatus and method for populating logical datapath sets |
US20180316592A1 (en) * | 2017-04-26 | 2018-11-01 | Microsemi Storage Solutions, Inc. | Scheduled network setup test method and system |
US10127273B2 (en) | 2014-04-15 | 2018-11-13 | Splunk Inc. | Distributed processing of network data using remote capture agents |
US10182035B2 (en) | 2016-06-29 | 2019-01-15 | Nicira, Inc. | Implementing logical network security on a hardware switch |
US10204122B2 (en) | 2015-09-30 | 2019-02-12 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US10230576B2 (en) | 2015-09-30 | 2019-03-12 | Nicira, Inc. | Managing administrative statuses of hardware VTEPs |
US10250553B2 (en) | 2015-11-03 | 2019-04-02 | Nicira, Inc. | ARP offloading for managed hardware forwarding elements |
US10263828B2 (en) | 2015-09-30 | 2019-04-16 | Nicira, Inc. | Preventing concurrent distribution of network data to a hardware switch by multiple controllers |
US10313186B2 (en) | 2015-08-31 | 2019-06-04 | Nicira, Inc. | Scalable controller for hardware VTEPS |
US10321655B1 (en) * | 2018-02-22 | 2019-06-18 | Seminis Vegetable Seeds, Inc. | Pepper hybrid SVHW4851 and parents thereof |
US10321656B1 (en) * | 2018-02-22 | 2019-06-18 | Seminis Vegetable Seeds, Inc. | Pepper hybrid SV2496HJ and parents thereof |
US10334085B2 (en) | 2015-01-29 | 2019-06-25 | Splunk Inc. | Facilitating custom content extraction from network packets |
US10356106B2 (en) | 2011-07-26 | 2019-07-16 | Palo Alto Networks (Israel Analytics) Ltd. | Detecting anomaly action within a computer network |
US10360196B2 (en) | 2014-04-15 | 2019-07-23 | Splunk Inc. | Grouping and managing event streams generated from captured network data |
US10366101B2 (en) | 2014-04-15 | 2019-07-30 | Splunk Inc. | Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams |
US10411912B2 (en) | 2015-04-17 | 2019-09-10 | Nicira, Inc. | Managing tunnel endpoints for facilitating creation of logical networks |
US10447618B2 (en) | 2015-09-30 | 2019-10-15 | Nicira, Inc. | IP aliases in logical networks with hardware switches |
US10462004B2 (en) | 2014-04-15 | 2019-10-29 | Splunk Inc. | Visualizations of statistics associated with captured network data |
US10523521B2 (en) | 2014-04-15 | 2019-12-31 | Splunk Inc. | Managing ephemeral event streams generated from captured network data |
US10554484B2 (en) | 2015-06-26 | 2020-02-04 | Nicira, Inc. | Control plane integration with hardware switches |
US10616098B2 (en) | 2009-07-31 | 2020-04-07 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Apparatus and methods for forwarding data packets captured from a network |
US10693742B2 (en) | 2014-04-15 | 2020-06-23 | Splunk Inc. | Inline visualizations of metrics related to captured network data |
US10700950B2 (en) | 2014-04-15 | 2020-06-30 | Splunk Inc. | Adjusting network data storage based on event stream statistics |
US10904075B2 (en) | 2012-07-02 | 2021-01-26 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Preconfigured filters, dynamic updates and cloud based configurations in a network access switch |
US10999304B2 (en) | 2018-04-11 | 2021-05-04 | Palo Alto Networks (Israel Analytics) Ltd. | Bind shell attack detection |
US11019167B2 (en) | 2016-04-29 | 2021-05-25 | Nicira, Inc. | Management of update queues for network controller |
US11070569B2 (en) | 2019-01-30 | 2021-07-20 | Palo Alto Networks (Israel Analytics) Ltd. | Detecting outlier pairs of scanned ports |
US11086897B2 (en) | 2014-04-15 | 2021-08-10 | Splunk Inc. | Linking event streams across applications of a data intake and query system |
US11184378B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Scanner probe detection |
US11184377B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Malicious port scan detection using source profiles |
US11184376B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Port scan detection using destination profiles |
US11245621B2 (en) | 2015-07-31 | 2022-02-08 | Nicira, Inc. | Enabling hardware switches to perform logical routing functionalities |
US11281643B2 (en) | 2014-04-15 | 2022-03-22 | Splunk Inc. | Generating event streams including aggregated values from monitored network data |
US11316872B2 (en) | 2019-01-30 | 2022-04-26 | Palo Alto Networks (Israel Analytics) Ltd. | Malicious port scan detection using port profiles |
US11509680B2 (en) | 2020-09-30 | 2022-11-22 | Palo Alto Networks (Israel Analytics) Ltd. | Classification of cyber-alerts into security incidents |
US11799880B2 (en) | 2022-01-10 | 2023-10-24 | Palo Alto Networks (Israel Analytics) Ltd. | Network adaptive alert prioritization system |
US11973852B2 (en) | 2021-09-03 | 2024-04-30 | Splunk Inc. | Generating event data at remote capture agents based on identified network addresses |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9483409B2 (en) | 2015-02-05 | 2016-11-01 | International Business Machines Corporation | Store forwarding cache |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5343473A (en) * | 1992-08-07 | 1994-08-30 | International Business Machines Corporation | Method of determining whether to use preempt/resume or alternate protocol for data transmission |
US5867763A (en) * | 1996-02-08 | 1999-02-02 | Qualcomm Incorporated | Method and apparatus for integration of a wireless communication system with a cable T.V. system |
US6130887A (en) * | 1996-09-30 | 2000-10-10 | Amsc Subsidairy Corporation | Methods of dynamically switching return channel transmissions of time-division multiple-access (TDMA) communication systems between signalling burst transmissions and message transmissions |
US20020073136A1 (en) * | 2000-12-07 | 2002-06-13 | Tomoaki Itoh | Data reproduction method, data receiving terminal and data receiving method |
US6505255B1 (en) * | 1999-04-29 | 2003-01-07 | Mitsubishi Electric Information Technology Center America, Inc. (Ita) | Method for formatting and routing data between an external network and an internal network |
US20030172123A1 (en) * | 2001-11-28 | 2003-09-11 | Sypris Data Systems, Inc. | Real-time data acquisition and storage network |
US20040015613A1 (en) * | 2001-07-12 | 2004-01-22 | Kenji Ikeda | Integrated circuit device |
US6907001B1 (en) * | 1998-11-12 | 2005-06-14 | Hitachi, Ltd. | Packet switch for switching variable length packets in the form of ATM cells |
US20050282502A1 (en) * | 2004-06-21 | 2005-12-22 | Elektrobit Oy. | System, apparatus, method and computer program for producing signals for testing radio frequency communication devices |
US7286652B1 (en) * | 2000-05-31 | 2007-10-23 | 3Com Corporation | Four channel audio recording in a packet based network |
US20080052784A1 (en) * | 2006-08-22 | 2008-02-28 | Wiley William L | System and method for restricting access to network performance information tables |
US20080170561A1 (en) * | 2007-01-11 | 2008-07-17 | Eran Halbraich | Branch IP recording |
US7424018B2 (en) * | 2004-05-05 | 2008-09-09 | Gigamon Systems Llc | Asymmetric packet switch and a method of use |
US7515650B1 (en) * | 2000-01-27 | 2009-04-07 | Pmc-Sierra, Inc. | Quadrature modulation compensation |
US20090190589A1 (en) * | 2008-01-28 | 2009-07-30 | Amrik Bains | Flexible time stamping |
US7596356B2 (en) * | 2006-12-19 | 2009-09-29 | Broadcom Corporation | On-chip baseband-to-RF interface and applications thereof |
US20100135164A1 (en) * | 2008-12-02 | 2010-06-03 | Broadcom Corporation | Millimeter wave probing of components via a probe device and methods for use therewith |
US20110026406A1 (en) * | 2009-07-31 | 2011-02-03 | Gamage Nimal K K | Apparatus and methods for capturing data packets from a network |
US7945216B2 (en) * | 2006-12-20 | 2011-05-17 | Broadcom Corporation | Single chip wireless transceiver operable to perform voice, data and radio frequency (RF) processing |
US8446916B2 (en) * | 2008-10-24 | 2013-05-21 | Juniper Networks, Inc. | Flow consistent dynamic load balancing |
Family Cites Families (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5983270A (en) | 1997-03-11 | 1999-11-09 | Sequel Technology Corporation | Method and apparatus for managing internetwork and intranetwork activity |
US6286052B1 (en) | 1998-12-04 | 2001-09-04 | Cisco Technology, Inc. | Method and apparatus for identifying network data traffic flows and for applying quality of service treatments to the flows |
US6678250B1 (en) | 1999-02-19 | 2004-01-13 | 3Com Corporation | Method and system for monitoring and management of the performance of real-time networks |
US20080215477A1 (en) | 2000-01-21 | 2008-09-04 | Annunziata Vincent P | System for trading commodities and the like |
US6814510B1 (en) | 2000-08-02 | 2004-11-09 | Xerox Corporation | Method and apparatus for automatic update of a printer driver configuration and status |
US8660869B2 (en) | 2001-10-11 | 2014-02-25 | Adobe Systems Incorporated | System, method, and computer program product for processing and visualization of information |
JP4149168B2 (en) | 2001-11-09 | 2008-09-10 | 株式会社半導体エネルギー研究所 | Light emitting device |
US7769873B1 (en) * | 2002-10-25 | 2010-08-03 | Juniper Networks, Inc. | Dynamically inserting filters into forwarding paths of a network device |
US7394761B2 (en) | 2003-04-29 | 2008-07-01 | Avocent Huntsville Corporation | System and method for delivering messages using alternate modes of communication |
US7496661B1 (en) | 2004-03-29 | 2009-02-24 | Packeteer, Inc. | Adaptive, application-aware selection of differentiated network services |
US8281031B2 (en) * | 2005-01-28 | 2012-10-02 | Standard Microsystems Corporation | High speed ethernet MAC and PHY apparatus with a filter based ethernet packet router with priority queuing and single or multiple transport stream interfaces |
US7509116B2 (en) | 2005-03-30 | 2009-03-24 | Genx Mobile Incorporated | Selective data exchange with a remotely configurable mobile unit |
US20060294221A1 (en) | 2005-06-22 | 2006-12-28 | Sven Graupner | System for programmatically controlling measurements in monitoring sources |
US7839870B2 (en) | 2005-11-23 | 2010-11-23 | Comcast Cable Holdings, Llc | Device-to-device communication among customer premise equipment devices |
US20070189272A1 (en) | 2006-02-10 | 2007-08-16 | Cypheredge Technologies | Device analysis system for tracking device operations within a wireless network |
US7873702B2 (en) | 2006-03-31 | 2011-01-18 | Masstech Group Inc. | Distributed redundant adaptive cluster |
US8306063B2 (en) | 2006-08-29 | 2012-11-06 | EXFO Services Assurance, Inc. | Real-time transport protocol stream detection system and method |
EP2092763B1 (en) | 2006-10-23 | 2019-03-27 | T-Mobile USA, Inc. | System and method for managing access point functionality and configuration |
US7685263B2 (en) | 2006-12-19 | 2010-03-23 | Blue Coat Systems, Inc. | Method and system for configuring a device with a wireless mobile configurator |
US7835348B2 (en) | 2006-12-30 | 2010-11-16 | Extreme Networks, Inc. | Method and apparatus for dynamic anomaly-based updates to traffic selection policies in a switch |
US8489344B2 (en) | 2007-02-09 | 2013-07-16 | Adaptive Spectrum And Signal Alignment, Inc. | Home network system augmentation with remote guidance and local set up and monitoring |
US8248928B1 (en) | 2007-10-09 | 2012-08-21 | Foundry Networks, Llc | Monitoring server load balancing |
US9177313B1 (en) | 2007-10-18 | 2015-11-03 | Jpmorgan Chase Bank, N.A. | System and method for issuing, circulating and trading financial instruments with smart features |
US8259722B1 (en) * | 2008-05-19 | 2012-09-04 | Juniper Networks, Inc. | Integrated packet inspection and modification system and network device for internet service provider market research and influence |
US8386937B1 (en) | 2008-07-17 | 2013-02-26 | NetBrain Technologies Inc. | System, apparatus, and method for filtering network configuration information |
US8102783B1 (en) | 2009-02-04 | 2012-01-24 | Juniper Networks, Inc. | Dynamic monitoring of network traffic |
US8260900B2 (en) | 2009-03-09 | 2012-09-04 | At&T Mobility Ii Llc | Network operation management |
US8098677B1 (en) | 2009-07-31 | 2012-01-17 | Anue Systems, Inc. | Superset packet forwarding for overlapping filters and related systems and methods |
US9270542B2 (en) | 2009-07-31 | 2016-02-23 | Ixia | Apparatus and methods for forwarding data packets captured from a network |
US8549552B2 (en) | 2009-11-03 | 2013-10-01 | The Nielsen Company (Us), Llc | Methods and apparatus to monitor media exposure in vehicles |
US8442048B2 (en) | 2009-11-04 | 2013-05-14 | Juniper Networks, Inc. | Methods and apparatus for configuring a virtual network switch |
WO2011133711A2 (en) | 2010-04-23 | 2011-10-27 | Net Optics, Inc | Integrated network data collection arrangement and methods thereof |
US8417867B2 (en) | 2010-11-17 | 2013-04-09 | Xilinx, Inc. | Multichip module for communications |
US8964569B2 (en) | 2011-07-04 | 2015-02-24 | Telefonaktiebolaget L M Ericsson (Publ) | Generic monitoring packet handling mechanism for OpenFlow 1.1 |
US9184995B2 (en) | 2012-04-11 | 2015-11-10 | Gigamon Inc. | Traffic visibility in an open networking environment |
US9894599B2 (en) | 2012-06-13 | 2018-02-13 | Qualcomm, Incorporated | Method and apparatus for WLAN initial link setup |
US10904075B2 (en) | 2012-07-02 | 2021-01-26 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Preconfigured filters, dynamic updates and cloud based configurations in a network access switch |
US9407557B2 (en) | 2012-12-22 | 2016-08-02 | Edgewater Networks, Inc. | Methods and systems to split equipment control between local and remote processing units |
US9467366B2 (en) | 2013-07-03 | 2016-10-11 | Avaya Inc. | Method and apparatus providing single-tier routing in a shortest path bridging (SPB) network |
US9294406B2 (en) | 2013-07-24 | 2016-03-22 | Infinera Corporation | Use of switching for optimizing transport costs for bandwidth services |
US20150055720A1 (en) | 2013-08-21 | 2015-02-26 | Aviacomm Inc. | Simple and flexible interface architecture for controlling rf front-end components |
US20150113143A1 (en) | 2013-10-18 | 2015-04-23 | Hewlett-Packard Development Company, L.P | Network resource automation management |
CN105960777A (en) | 2013-10-21 | 2016-09-21 | 尼妍萨有限公司 | System and method for observing and controlling programmable network using remote network manager |
US9967150B2 (en) | 2014-04-30 | 2018-05-08 | Keysight Technologies Singapore (Holdings) Pte. Ltd. | Methods and apparatuses for implementing network visibility infrastructure |
US9571296B2 (en) | 2014-04-30 | 2017-02-14 | Ixia | Methods and apparatuses for abstracting filters in a network visibility infrastructure |
US9614743B2 (en) | 2014-08-20 | 2017-04-04 | Ciena Corporation | Systems and methods to compute carbon footprint of network services with network function virtualization (NFV) and software defined networking (SDN) |
-
2009
- 2009-07-31 US US12/533,957 patent/US9270542B2/en active Active
-
2016
- 2016-02-01 US US15/012,801 patent/US10616098B2/en active Active
Patent Citations (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5343473A (en) * | 1992-08-07 | 1994-08-30 | International Business Machines Corporation | Method of determining whether to use preempt/resume or alternate protocol for data transmission |
US5867763A (en) * | 1996-02-08 | 1999-02-02 | Qualcomm Incorporated | Method and apparatus for integration of a wireless communication system with a cable T.V. system |
US6130887A (en) * | 1996-09-30 | 2000-10-10 | Amsc Subsidairy Corporation | Methods of dynamically switching return channel transmissions of time-division multiple-access (TDMA) communication systems between signalling burst transmissions and message transmissions |
US6907001B1 (en) * | 1998-11-12 | 2005-06-14 | Hitachi, Ltd. | Packet switch for switching variable length packets in the form of ATM cells |
US6505255B1 (en) * | 1999-04-29 | 2003-01-07 | Mitsubishi Electric Information Technology Center America, Inc. (Ita) | Method for formatting and routing data between an external network and an internal network |
US7515650B1 (en) * | 2000-01-27 | 2009-04-07 | Pmc-Sierra, Inc. | Quadrature modulation compensation |
US7286652B1 (en) * | 2000-05-31 | 2007-10-23 | 3Com Corporation | Four channel audio recording in a packet based network |
US20020073136A1 (en) * | 2000-12-07 | 2002-06-13 | Tomoaki Itoh | Data reproduction method, data receiving terminal and data receiving method |
US20040015613A1 (en) * | 2001-07-12 | 2004-01-22 | Kenji Ikeda | Integrated circuit device |
US20030172123A1 (en) * | 2001-11-28 | 2003-09-11 | Sypris Data Systems, Inc. | Real-time data acquisition and storage network |
US7424018B2 (en) * | 2004-05-05 | 2008-09-09 | Gigamon Systems Llc | Asymmetric packet switch and a method of use |
US20050282502A1 (en) * | 2004-06-21 | 2005-12-22 | Elektrobit Oy. | System, apparatus, method and computer program for producing signals for testing radio frequency communication devices |
US20080052784A1 (en) * | 2006-08-22 | 2008-02-28 | Wiley William L | System and method for restricting access to network performance information tables |
US7596356B2 (en) * | 2006-12-19 | 2009-09-29 | Broadcom Corporation | On-chip baseband-to-RF interface and applications thereof |
US7945216B2 (en) * | 2006-12-20 | 2011-05-17 | Broadcom Corporation | Single chip wireless transceiver operable to perform voice, data and radio frequency (RF) processing |
US20080170561A1 (en) * | 2007-01-11 | 2008-07-17 | Eran Halbraich | Branch IP recording |
US20090190589A1 (en) * | 2008-01-28 | 2009-07-30 | Amrik Bains | Flexible time stamping |
US8446916B2 (en) * | 2008-10-24 | 2013-05-21 | Juniper Networks, Inc. | Flow consistent dynamic load balancing |
US20100135164A1 (en) * | 2008-12-02 | 2010-06-03 | Broadcom Corporation | Millimeter wave probing of components via a probe device and methods for use therewith |
US20110026406A1 (en) * | 2009-07-31 | 2011-02-03 | Gamage Nimal K K | Apparatus and methods for capturing data packets from a network |
US8134927B2 (en) * | 2009-07-31 | 2012-03-13 | Ixia | Apparatus and methods for capturing data packets from a network |
Cited By (199)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10749736B2 (en) | 2007-09-26 | 2020-08-18 | Nicira, Inc. | Network operating system for managing and securing networks |
US9083609B2 (en) | 2007-09-26 | 2015-07-14 | Nicira, Inc. | Network operating system for managing and securing networks |
US11683214B2 (en) | 2007-09-26 | 2023-06-20 | Nicira, Inc. | Network operating system for managing and securing networks |
US9876672B2 (en) | 2007-09-26 | 2018-01-23 | Nicira, Inc. | Network operating system for managing and securing networks |
US20090138577A1 (en) * | 2007-09-26 | 2009-05-28 | Nicira Networks | Network operating system for managing and securing networks |
US11425055B2 (en) | 2009-04-01 | 2022-08-23 | Nicira, Inc. | Method and apparatus for implementing and managing virtual switches |
US10931600B2 (en) | 2009-04-01 | 2021-02-23 | Nicira, Inc. | Method and apparatus for implementing and managing virtual switches |
US8966035B2 (en) | 2009-04-01 | 2015-02-24 | Nicira, Inc. | Method and apparatus for implementing and managing distributed virtual switches in several hosts and physical forwarding elements |
US9590919B2 (en) | 2009-04-01 | 2017-03-07 | Nicira, Inc. | Method and apparatus for implementing and managing virtual switches |
US20100257263A1 (en) * | 2009-04-01 | 2010-10-07 | Nicira Networks, Inc. | Method and apparatus for implementing and managing virtual switches |
US10616098B2 (en) | 2009-07-31 | 2020-04-07 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Apparatus and methods for forwarding data packets captured from a network |
US8134927B2 (en) | 2009-07-31 | 2012-03-13 | Ixia | Apparatus and methods for capturing data packets from a network |
US20110026406A1 (en) * | 2009-07-31 | 2011-02-03 | Gamage Nimal K K | Apparatus and methods for capturing data packets from a network |
US20110103237A1 (en) * | 2009-10-29 | 2011-05-05 | Fluke Corporation | Method and apparatus for the efficient indexing and storage of network traffic |
US9806968B2 (en) | 2010-04-23 | 2017-10-31 | Ixia | Integrated network data collection arrangement and methods thereof |
US11641321B2 (en) | 2010-07-06 | 2023-05-02 | Nicira, Inc. | Packet processing for logical datapath sets |
US9363210B2 (en) | 2010-07-06 | 2016-06-07 | Nicira, Inc. | Distributed network control system with one master controller per logical datapath set |
US8830823B2 (en) | 2010-07-06 | 2014-09-09 | Nicira, Inc. | Distributed control platform for large-scale production networks |
US8837493B2 (en) | 2010-07-06 | 2014-09-16 | Nicira, Inc. | Distributed network control apparatus and method |
US8842679B2 (en) | 2010-07-06 | 2014-09-23 | Nicira, Inc. | Control system that elects a master controller instance for switching elements |
US8880468B2 (en) | 2010-07-06 | 2014-11-04 | Nicira, Inc. | Secondary storage architecture for a network control system that utilizes a primary network information base |
US8913483B2 (en) | 2010-07-06 | 2014-12-16 | Nicira, Inc. | Fault tolerant managed switching element architecture |
US8959215B2 (en) | 2010-07-06 | 2015-02-17 | Nicira, Inc. | Network virtualization |
US8958292B2 (en) | 2010-07-06 | 2015-02-17 | Nicira, Inc. | Network control apparatus and method with port security controls |
US8964528B2 (en) | 2010-07-06 | 2015-02-24 | Nicira, Inc. | Method and apparatus for robust packet distribution among hierarchical managed switching elements |
US8817620B2 (en) | 2010-07-06 | 2014-08-26 | Nicira, Inc. | Network virtualization apparatus and method |
US8964598B2 (en) | 2010-07-06 | 2015-02-24 | Nicira, Inc. | Mesh architectures for managed switching elements |
US8966040B2 (en) | 2010-07-06 | 2015-02-24 | Nicira, Inc. | Use of network information base structure to establish communication between applications |
US9008087B2 (en) | 2010-07-06 | 2015-04-14 | Nicira, Inc. | Processing requests in a network control system with multiple controller instances |
US9007903B2 (en) | 2010-07-06 | 2015-04-14 | Nicira, Inc. | Managing a network by controlling edge and non-edge switching elements |
US10320585B2 (en) | 2010-07-06 | 2019-06-11 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9049153B2 (en) | 2010-07-06 | 2015-06-02 | Nicira, Inc. | Logical packet processing pipeline that retains state information to effectuate efficient processing of packets |
US9077664B2 (en) | 2010-07-06 | 2015-07-07 | Nicira, Inc. | One-hop packet processing in a network with managed switching elements |
US8775594B2 (en) | 2010-07-06 | 2014-07-08 | Nicira, Inc. | Distributed network control system with a distributed hash table |
US9106587B2 (en) | 2010-07-06 | 2015-08-11 | Nicira, Inc. | Distributed network control system with one master controller per managed switching element |
US9112811B2 (en) | 2010-07-06 | 2015-08-18 | Nicira, Inc. | Managed switching elements used as extenders |
US10326660B2 (en) | 2010-07-06 | 2019-06-18 | Nicira, Inc. | Network virtualization apparatus and method |
US10103939B2 (en) | 2010-07-06 | 2018-10-16 | Nicira, Inc. | Network control apparatus and method for populating logical datapath sets |
US9172663B2 (en) | 2010-07-06 | 2015-10-27 | Nicira, Inc. | Method and apparatus for replicating network information base in a distributed network control system with multiple controller instances |
US10038597B2 (en) | 2010-07-06 | 2018-07-31 | Nicira, Inc. | Mesh architectures for managed switching elements |
US10021019B2 (en) | 2010-07-06 | 2018-07-10 | Nicira, Inc. | Packet processing for logical datapath sets |
US9231891B2 (en) | 2010-07-06 | 2016-01-05 | Nicira, Inc. | Deployment of hierarchical managed switching elements |
US10686663B2 (en) | 2010-07-06 | 2020-06-16 | Nicira, Inc. | Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches |
US8717895B2 (en) | 2010-07-06 | 2014-05-06 | Nicira, Inc. | Network virtualization apparatus and method with a table mapping engine |
US8718070B2 (en) | 2010-07-06 | 2014-05-06 | Nicira, Inc. | Distributed network virtualization apparatus and method |
US11223531B2 (en) | 2010-07-06 | 2022-01-11 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US9300603B2 (en) | 2010-07-06 | 2016-03-29 | Nicira, Inc. | Use of rich context tags in logical data processing |
US8743888B2 (en) | 2010-07-06 | 2014-06-03 | Nicira, Inc. | Network control apparatus and method |
US8743889B2 (en) | 2010-07-06 | 2014-06-03 | Nicira, Inc. | Method and apparatus for using a network information base to control a plurality of shared network infrastructure switching elements |
US9306875B2 (en) | 2010-07-06 | 2016-04-05 | Nicira, Inc. | Managed switch architectures for implementing logical datapath sets |
US11509564B2 (en) | 2010-07-06 | 2022-11-22 | Nicira, Inc. | Method and apparatus for replicating network information base in a distributed network control system with multiple controller instances |
US11539591B2 (en) | 2010-07-06 | 2022-12-27 | Nicira, Inc. | Distributed network control system with one master controller per logical datapath set |
US8750119B2 (en) | 2010-07-06 | 2014-06-10 | Nicira, Inc. | Network control apparatus and method with table mapping engine |
US11876679B2 (en) | 2010-07-06 | 2024-01-16 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US9692655B2 (en) | 2010-07-06 | 2017-06-27 | Nicira, Inc. | Packet processing in a network with hierarchical managed switching elements |
US8817621B2 (en) | 2010-07-06 | 2014-08-26 | Nicira, Inc. | Network virtualization apparatus |
US9391928B2 (en) | 2010-07-06 | 2016-07-12 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US11677588B2 (en) | 2010-07-06 | 2023-06-13 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US8750164B2 (en) | 2010-07-06 | 2014-06-10 | Nicira, Inc. | Hierarchical managed switch architecture |
US9525647B2 (en) | 2010-07-06 | 2016-12-20 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US11743123B2 (en) | 2010-07-06 | 2023-08-29 | Nicira, Inc. | Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches |
US8761036B2 (en) | 2010-07-06 | 2014-06-24 | Nicira, Inc. | Network control apparatus and method with quality of service controls |
US20130311609A1 (en) * | 2011-01-28 | 2013-11-21 | Napatech A/S | An apparatus and a method for receiving and forwarding data packets |
US9043452B2 (en) | 2011-05-04 | 2015-05-26 | Nicira, Inc. | Network control apparatus and method for port isolation |
US10356106B2 (en) | 2011-07-26 | 2019-07-16 | Palo Alto Networks (Israel Analytics) Ltd. | Detecting anomaly action within a computer network |
US11695695B2 (en) | 2011-08-17 | 2023-07-04 | Nicira, Inc. | Logical L3 daemon |
US11804987B2 (en) | 2011-08-17 | 2023-10-31 | Nicira, Inc. | Flow generation from second level controller to first level controller to managed switching element |
US9444651B2 (en) | 2011-08-17 | 2016-09-13 | Nicira, Inc. | Flow generation from second level controller to first level controller to managed switching element |
US9350696B2 (en) | 2011-08-17 | 2016-05-24 | Nicira, Inc. | Handling NAT in logical L3 routing |
US10027584B2 (en) | 2011-08-17 | 2018-07-17 | Nicira, Inc. | Distributed logical L3 routing |
US10193708B2 (en) | 2011-08-17 | 2019-01-29 | Nicira, Inc. | Multi-domain interconnect |
US10868761B2 (en) | 2011-08-17 | 2020-12-15 | Nicira, Inc. | Logical L3 daemon |
US10931481B2 (en) | 2011-08-17 | 2021-02-23 | Nicira, Inc. | Multi-domain interconnect |
US9253109B2 (en) | 2011-10-25 | 2016-02-02 | Nicira, Inc. | Communication channel for distributed network control system |
US9231882B2 (en) | 2011-10-25 | 2016-01-05 | Nicira, Inc. | Maintaining quality of service in shared forwarding elements managed by a network control system |
US9288104B2 (en) | 2011-10-25 | 2016-03-15 | Nicira, Inc. | Chassis controllers for converting universal flows |
US9306864B2 (en) | 2011-10-25 | 2016-04-05 | Nicira, Inc. | Scheduling distribution of physical control plane data |
US9319337B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Universal physical control plane |
US9954793B2 (en) | 2011-10-25 | 2018-04-24 | Nicira, Inc. | Chassis controller |
US9246833B2 (en) | 2011-10-25 | 2016-01-26 | Nicira, Inc. | Pull-based state dissemination between managed forwarding elements |
US9319336B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Scheduling distribution of logical control plane data |
US9319338B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Tunnel creation |
US9300593B2 (en) | 2011-10-25 | 2016-03-29 | Nicira, Inc. | Scheduling distribution of logical forwarding plane data |
WO2013063332A1 (en) * | 2011-10-25 | 2013-05-02 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
US9203701B2 (en) | 2011-10-25 | 2015-12-01 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
US11669488B2 (en) | 2011-10-25 | 2023-06-06 | Nicira, Inc. | Chassis controller |
US10505856B2 (en) | 2011-10-25 | 2019-12-10 | Nicira, Inc. | Chassis controller |
US9178833B2 (en) | 2011-10-25 | 2015-11-03 | Nicira, Inc. | Chassis controller |
US9407566B2 (en) | 2011-10-25 | 2016-08-02 | Nicira, Inc. | Distributed network control system |
US9154433B2 (en) | 2011-10-25 | 2015-10-06 | Nicira, Inc. | Physical controller |
US9137107B2 (en) | 2011-10-25 | 2015-09-15 | Nicira, Inc. | Physical controllers for converting universal flows |
US9602421B2 (en) | 2011-10-25 | 2017-03-21 | Nicira, Inc. | Nesting transaction updates to minimize communication |
US10977067B2 (en) | 2011-11-15 | 2021-04-13 | Nicira, Inc. | Control plane interface for logical middlebox services |
US11740923B2 (en) | 2011-11-15 | 2023-08-29 | Nicira, Inc. | Architecture of networks with middleboxes |
US11593148B2 (en) | 2011-11-15 | 2023-02-28 | Nicira, Inc. | Network control system for configuring middleboxes |
US10514941B2 (en) | 2011-11-15 | 2019-12-24 | Nicira, Inc. | Load balancing and destination network address translation middleboxes |
US10884780B2 (en) | 2011-11-15 | 2021-01-05 | Nicira, Inc. | Architecture of networks with middleboxes |
US10191763B2 (en) | 2011-11-15 | 2019-01-29 | Nicira, Inc. | Architecture of networks with middleboxes |
US11372671B2 (en) | 2011-11-15 | 2022-06-28 | Nicira, Inc. | Architecture of networks with middleboxes |
US10310886B2 (en) | 2011-11-15 | 2019-06-04 | Nicira, Inc. | Network control system for configuring middleboxes |
US10922124B2 (en) | 2011-11-15 | 2021-02-16 | Nicira, Inc. | Network control system for configuring middleboxes |
US10235199B2 (en) | 2011-11-15 | 2019-03-19 | Nicira, Inc. | Migrating middlebox state for distributed middleboxes |
US10949248B2 (en) | 2011-11-15 | 2021-03-16 | Nicira, Inc. | Load balancing and destination network address translation middleboxes |
US10089127B2 (en) | 2011-11-15 | 2018-10-02 | Nicira, Inc. | Control plane interface for logical middlebox services |
US10033579B2 (en) | 2012-04-18 | 2018-07-24 | Nicira, Inc. | Using transactions to compute and propagate network forwarding state |
US10135676B2 (en) | 2012-04-18 | 2018-11-20 | Nicira, Inc. | Using transactions to minimize churn in a distributed network control system |
US10904075B2 (en) | 2012-07-02 | 2021-01-26 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Preconfigured filters, dynamic updates and cloud based configurations in a network access switch |
US9979739B2 (en) | 2013-01-16 | 2018-05-22 | Palo Alto Networks (Israel Analytics) Ltd. | Automated forensics of computer systems using behavioral intelligence |
US9979742B2 (en) * | 2013-01-16 | 2018-05-22 | Palo Alto Networks (Israel Analytics) Ltd. | Identifying anomalous messages |
US11522788B2 (en) | 2013-10-04 | 2022-12-06 | Nicira, Inc. | Database protocol for exchanging forwarding state with hardware switches |
US9699070B2 (en) | 2013-10-04 | 2017-07-04 | Nicira, Inc. | Database protocol for exchanging forwarding state with hardware switches |
US10153965B2 (en) | 2013-10-04 | 2018-12-11 | Nicira, Inc. | Database protocol for exchanging forwarding state with hardware switches |
US9455901B2 (en) | 2013-10-04 | 2016-09-27 | Nicira, Inc. | Managing software and hardware forwarding elements to define virtual networks |
US10924386B2 (en) | 2013-10-04 | 2021-02-16 | Nicira, Inc. | Database protocol for exchanging forwarding state with hardware switches |
US10360196B2 (en) | 2014-04-15 | 2019-07-23 | Splunk Inc. | Grouping and managing event streams generated from captured network data |
US11108659B2 (en) | 2014-04-15 | 2021-08-31 | Splunk Inc. | Using storage reactors to transform event data generated by remote capture agents |
US10366101B2 (en) | 2014-04-15 | 2019-07-30 | Splunk Inc. | Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams |
US10374883B2 (en) | 2014-04-15 | 2019-08-06 | Splunk Inc. | Application-based configuration of network data capture by remote capture agents |
US11314737B2 (en) | 2014-04-15 | 2022-04-26 | Splunk Inc. | Transforming event data using values obtained by querying a data source |
US11296951B2 (en) | 2014-04-15 | 2022-04-05 | Splunk Inc. | Interval-based generation of event streams by remote capture agents |
US11281643B2 (en) | 2014-04-15 | 2022-03-22 | Splunk Inc. | Generating event streams including aggregated values from monitored network data |
US10462004B2 (en) | 2014-04-15 | 2019-10-29 | Splunk Inc. | Visualizations of statistics associated with captured network data |
US11451453B2 (en) | 2014-04-15 | 2022-09-20 | Splunk Inc. | Configuring the generation of ephemeral event streams by remote capture agents |
US10127273B2 (en) | 2014-04-15 | 2018-11-13 | Splunk Inc. | Distributed processing of network data using remote capture agents |
US10523521B2 (en) | 2014-04-15 | 2019-12-31 | Splunk Inc. | Managing ephemeral event streams generated from captured network data |
US11252056B2 (en) | 2014-04-15 | 2022-02-15 | Splunk Inc. | Transforming event data generated by remote capture agents using user-generated code |
US11245581B2 (en) | 2014-04-15 | 2022-02-08 | Splunk Inc. | Selective event stream data storage based on historical stream data |
US10348583B2 (en) | 2014-04-15 | 2019-07-09 | Splunk Inc. | Generating and transforming timestamped event data at a remote capture agent |
US9762443B2 (en) | 2014-04-15 | 2017-09-12 | Splunk Inc. | Transformation of network data at remote capture agents |
US10693742B2 (en) | 2014-04-15 | 2020-06-23 | Splunk Inc. | Inline visualizations of metrics related to captured network data |
US11086897B2 (en) | 2014-04-15 | 2021-08-10 | Splunk Inc. | Linking event streams across applications of a data intake and query system |
US10700950B2 (en) | 2014-04-15 | 2020-06-30 | Splunk Inc. | Adjusting network data storage based on event stream statistics |
US10257059B2 (en) | 2014-04-15 | 2019-04-09 | Splunk Inc. | Transforming event data using remote capture agents and transformation servers |
US10951474B2 (en) | 2014-04-15 | 2021-03-16 | Splunk Inc. | Configuring event stream generation in cloud-based computing environments |
US11716248B1 (en) | 2014-04-15 | 2023-08-01 | Splunk Inc. | Selective event stream data storage based on network traffic volume |
US9923767B2 (en) | 2014-04-15 | 2018-03-20 | Splunk Inc. | Dynamic configuration of remote capture agents for network data capture |
US11863408B1 (en) | 2014-04-15 | 2024-01-02 | Splunk Inc. | Generating event streams including modified network data monitored by remote capture agents |
US11818018B1 (en) | 2014-04-15 | 2023-11-14 | Splunk Inc. | Configuring event streams based on identified security risks |
US9967150B2 (en) | 2014-04-30 | 2018-05-08 | Keysight Technologies Singapore (Holdings) Pte. Ltd. | Methods and apparatuses for implementing network visibility infrastructure |
US9571296B2 (en) | 2014-04-30 | 2017-02-14 | Ixia | Methods and apparatuses for abstracting filters in a network visibility infrastructure |
US11425229B2 (en) | 2014-10-30 | 2022-08-23 | Splunk Inc. | Generating event streams from encrypted network traffic monitored by remote capture agents |
US10701191B2 (en) | 2014-10-30 | 2020-06-30 | Splunk Inc. | Configuring rules for filtering events to be included in event streams |
US10812514B2 (en) | 2014-10-30 | 2020-10-20 | Splunk Inc. | Configuring the generation of additional time-series event data by remote capture agents |
US9843598B2 (en) | 2014-10-30 | 2017-12-12 | Splunk Inc. | Capture triggers for capturing network data |
US10805438B2 (en) | 2014-10-30 | 2020-10-13 | Splunk Inc. | Configuring the protocol-based generation of event streams by remote capture agents |
US11936764B1 (en) | 2014-10-30 | 2024-03-19 | Splunk Inc. | Generating event streams based on application-layer events captured by remote capture agents |
US9838512B2 (en) | 2014-10-30 | 2017-12-05 | Splunk Inc. | Protocol-based capture of network data using remote capture agents |
US10264106B2 (en) | 2014-10-30 | 2019-04-16 | Splunk Inc. | Configuring generation of multiple event streams from a packet flow |
US20160127180A1 (en) * | 2014-10-30 | 2016-05-05 | Splunk Inc. | Streamlining configuration of protocol-based network data capture by remote capture agents |
US10382599B2 (en) | 2014-10-30 | 2019-08-13 | Splunk Inc. | Configuring generation of event streams by remote capture agents |
US10193916B2 (en) | 2014-10-30 | 2019-01-29 | Splunk Inc. | Configuring the generation of event data based on a triggering search query |
US9596253B2 (en) | 2014-10-30 | 2017-03-14 | Splunk Inc. | Capture triggers for capturing network data |
US9621468B1 (en) * | 2014-12-05 | 2017-04-11 | Amazon Technologies, Inc. | Packet transmission scheduler |
US11115505B2 (en) | 2015-01-29 | 2021-09-07 | Splunk Inc. | Facilitating custom content extraction rule configuration for remote capture agents |
US10334085B2 (en) | 2015-01-29 | 2019-06-25 | Splunk Inc. | Facilitating custom content extraction from network packets |
US9923760B2 (en) | 2015-04-06 | 2018-03-20 | Nicira, Inc. | Reduction of churn in a network control system |
US9967134B2 (en) | 2015-04-06 | 2018-05-08 | Nicira, Inc. | Reduction of network churn based on differences in input state |
US10411912B2 (en) | 2015-04-17 | 2019-09-10 | Nicira, Inc. | Managing tunnel endpoints for facilitating creation of logical networks |
US11005683B2 (en) | 2015-04-17 | 2021-05-11 | Nicira, Inc. | Managing tunnel endpoints for facilitating creation of logical networks |
US10554484B2 (en) | 2015-06-26 | 2020-02-04 | Nicira, Inc. | Control plane integration with hardware switches |
US11895023B2 (en) | 2015-07-31 | 2024-02-06 | Nicira, Inc. | Enabling hardware switches to perform logical routing functionalities |
US11245621B2 (en) | 2015-07-31 | 2022-02-08 | Nicira, Inc. | Enabling hardware switches to perform logical routing functionalities |
JP2017046270A (en) * | 2015-08-28 | 2017-03-02 | 株式会社Ihi | Relay server, relay method and relay program |
US11095513B2 (en) | 2015-08-31 | 2021-08-17 | Nicira, Inc. | Scalable controller for hardware VTEPs |
US10313186B2 (en) | 2015-08-31 | 2019-06-04 | Nicira, Inc. | Scalable controller for hardware VTEPS |
US10230576B2 (en) | 2015-09-30 | 2019-03-12 | Nicira, Inc. | Managing administrative statuses of hardware VTEPs |
US11196682B2 (en) | 2015-09-30 | 2021-12-07 | Nicira, Inc. | IP aliases in logical networks with hardware switches |
US9998324B2 (en) | 2015-09-30 | 2018-06-12 | Nicira, Inc. | Logical L3 processing for L2 hardware switches |
US10204122B2 (en) | 2015-09-30 | 2019-02-12 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US10805152B2 (en) | 2015-09-30 | 2020-10-13 | Nicira, Inc. | Logical L3 processing for L2 hardware switches |
US10447618B2 (en) | 2015-09-30 | 2019-10-15 | Nicira, Inc. | IP aliases in logical networks with hardware switches |
US10764111B2 (en) | 2015-09-30 | 2020-09-01 | Nicira, Inc. | Preventing concurrent distribution of network data to a hardware switch by multiple controllers |
US10263828B2 (en) | 2015-09-30 | 2019-04-16 | Nicira, Inc. | Preventing concurrent distribution of network data to a hardware switch by multiple controllers |
US11502898B2 (en) | 2015-09-30 | 2022-11-15 | Nicira, Inc. | Logical L3 processing for L2 hardware switches |
US11288249B2 (en) | 2015-09-30 | 2022-03-29 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US10250553B2 (en) | 2015-11-03 | 2019-04-02 | Nicira, Inc. | ARP offloading for managed hardware forwarding elements |
US11032234B2 (en) | 2015-11-03 | 2021-06-08 | Nicira, Inc. | ARP offloading for managed hardware forwarding elements |
US11019167B2 (en) | 2016-04-29 | 2021-05-25 | Nicira, Inc. | Management of update queues for network controller |
US11601521B2 (en) | 2016-04-29 | 2023-03-07 | Nicira, Inc. | Management of update queues for network controller |
US10182035B2 (en) | 2016-06-29 | 2019-01-15 | Nicira, Inc. | Implementing logical network security on a hardware switch |
US10659431B2 (en) | 2016-06-29 | 2020-05-19 | Nicira, Inc. | Implementing logical network security on a hardware switch |
US10200343B2 (en) | 2016-06-29 | 2019-02-05 | Nicira, Inc. | Implementing logical network security on a hardware switch |
US11368431B2 (en) | 2016-06-29 | 2022-06-21 | Nicira, Inc. | Implementing logical network security on a hardware switch |
US20180074967A1 (en) * | 2016-09-09 | 2018-03-15 | Sap Se | Paging Mechanism for In-Memory Data Management System |
US20180074970A1 (en) * | 2016-09-09 | 2018-03-15 | Sap Se | Cache-Efficient Fragmentation of Data Structures |
US20180316592A1 (en) * | 2017-04-26 | 2018-11-01 | Microsemi Storage Solutions, Inc. | Scheduled network setup test method and system |
US10892972B2 (en) * | 2017-04-26 | 2021-01-12 | Microsemi Storage Solutions, Inc. | Scheduled network setup test method and system |
US10321656B1 (en) * | 2018-02-22 | 2019-06-18 | Seminis Vegetable Seeds, Inc. | Pepper hybrid SV2496HJ and parents thereof |
US10321655B1 (en) * | 2018-02-22 | 2019-06-18 | Seminis Vegetable Seeds, Inc. | Pepper hybrid SVHW4851 and parents thereof |
US10999304B2 (en) | 2018-04-11 | 2021-05-04 | Palo Alto Networks (Israel Analytics) Ltd. | Bind shell attack detection |
US11070569B2 (en) | 2019-01-30 | 2021-07-20 | Palo Alto Networks (Israel Analytics) Ltd. | Detecting outlier pairs of scanned ports |
US11184378B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Scanner probe detection |
US11184377B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Malicious port scan detection using source profiles |
US11184376B2 (en) | 2019-01-30 | 2021-11-23 | Palo Alto Networks (Israel Analytics) Ltd. | Port scan detection using destination profiles |
US11316872B2 (en) | 2019-01-30 | 2022-04-26 | Palo Alto Networks (Israel Analytics) Ltd. | Malicious port scan detection using port profiles |
US11509680B2 (en) | 2020-09-30 | 2022-11-22 | Palo Alto Networks (Israel Analytics) Ltd. | Classification of cyber-alerts into security incidents |
US11973852B2 (en) | 2021-09-03 | 2024-04-30 | Splunk Inc. | Generating event data at remote capture agents based on identified network addresses |
US11799880B2 (en) | 2022-01-10 | 2023-10-24 | Palo Alto Networks (Israel Analytics) Ltd. | Network adaptive alert prioritization system |
Also Published As
Publication number | Publication date |
---|---|
US20160226752A1 (en) | 2016-08-04 |
US10616098B2 (en) | 2020-04-07 |
US9270542B2 (en) | 2016-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10616098B2 (en) | Apparatus and methods for forwarding data packets captured from a network | |
US8134927B2 (en) | Apparatus and methods for capturing data packets from a network | |
US9565076B2 (en) | Distributed network traffic data collection and storage | |
US9531620B2 (en) | Control plane packet traffic statistics | |
US8582466B2 (en) | Flow statistics aggregation | |
US8923158B2 (en) | Smart traffic optimization | |
CA2854270C (en) | Network analysis device and method | |
US10740027B2 (en) | High speed logging system | |
US20090310491A1 (en) | Distributed Flow Analysis | |
SE534943C2 (en) | Apparatus and method for collecting and analyzing communication data | |
CN102223260A (en) | Method, system and device for testing transmission quality of IPTV (Internet Protocol Television) video data streams | |
CN104184659A (en) | Method and device for obtaining data packet in network | |
US11847108B2 (en) | System and method for capturing data to provide to a data analyser | |
US20060271670A1 (en) | System and method for partitioning network analysis | |
CN110149239A (en) | A kind of network flow monitoring method based on sFlow | |
US20110173165A1 (en) | Management of performance data | |
CN111181811A (en) | Statistical method, device, electronic equipment and medium | |
WO2022152230A1 (en) | Information flow identification method, network chip, and network device | |
CN114095383A (en) | Network flow sampling method and system and electronic equipment | |
US7821962B2 (en) | Memory access optimization | |
US11552870B2 (en) | Dynamic profile guided network telemetry configuration | |
Kumar et al. | Extended Time Machine Design using Reconfigurable Computing for Efficient Recording and Retrieval of Gigabit Network Traffic |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: AGILENT TECHNOLOGIES, INC., COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GAMAGE, NIMAL K.K.;WHITNER, RICHARD B.;BARTZ, THOMAS G.;REEL/FRAME:023102/0107 Effective date: 20090806 |
|
AS | Assignment |
Owner name: IXIA, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AGILENT TECHNOLOGIES, INC.;REEL/FRAME:023574/0675 Effective date: 20091030 |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS ADMINISTRATIVE AGENT, TE Free format text: SECURITY AGREEMENT;ASSIGNOR:IXIA;REEL/FRAME:029698/0060 Effective date: 20121221 |
|
AS | Assignment |
Owner name: SILICON VALLEY BANK, AS SUCCESSOR ADMINISTRATIVE A Free format text: NOTICE OF SUBSTITUTION OF ADMINISTRATIVE AGENT;ASSIGNOR:BANK OF AMERICA, N.A., RESIGNING ADMINISTRATIVE AGENT;REEL/FRAME:034870/0598 Effective date: 20150130 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: IXIA, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SILICON VALLEY BANK, AS SUCCESSOR ADMINISTRATIVE AGENT;REEL/FRAME:042335/0465 Effective date: 20170417 |
|
AS | Assignment |
Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD., SINGAPORE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IXIA;REEL/FRAME:044222/0695 Effective date: 20170930 Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LT Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IXIA;REEL/FRAME:044222/0695 Effective date: 20170930 |
|
AS | Assignment |
Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD., Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.;REEL/FRAME:048225/0065 Effective date: 20181001 Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD., SINGAPORE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.;REEL/FRAME:048225/0065 Effective date: 20181001 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |