Abstract: A network appliance described herein allows the user to selectively forward the flow of packets received through a network port, to a particular egress port. The network appliance creates virtual ports, which can be assigned to the one or more egress ports. The network appliance assigns the flow of packets to the one or more virtual ports in the network appliance. The network appliance decides a forwarding treatment to be applied to the flow of packets, for forwarding the flow of packets to the egress tool ports, based on the virtual port to which the flow of packets is assigned and based on a detected network characteristic. The forwarding treatment can be a decision to drop the flow of packets, or to send the flow of packets to the egress port assigned to the virtual port.

Abstract: A network switch apparatus, includes: a network port configured to receive a packet; instrument ports configured to communicate with respective network monitoring instruments; a packet duplication module configured to copy the packet to provide multiple packets that are identical to each other: a tagging module configured to tag the multiple packets with different respective identifiers to obtain tagged packets; and a processing unit coupled to the instrument ports; wherein the processing unit is configured to determine whether a first one of the tagged packets satisfies a first criterion, whether a second one of the tagged packets satisfies a second criterion, process the first one of the tagged packets in a first manner if the first one of the tagged packets satisfies the first criterion, and process the second one of the tagged packets in a second manner if the second one of the tagged packets satisfies the second criterion.

Abstract: A network appliance deployed in a visibility fabric may intelligently drop certain low priority traffic to avoid indiscriminate dropping of data packets across all flow maps during periods of high congestion. More specifically, the network appliance may determine the data packets of a flow map should be dropped based on priority measures assigned on a per-flow map basis. Such a technique enables the network appliance to drop low priority traffic and forward high priority traffic downstream. Also introduced herein are techniques for metering traffic in order to gain better control over the traffic that is forwarded to an egress port of a network appliance. Because a network tool connected to the egress port can become easily overwhelmed, the network appliance may filter the traffic based on the priority of the flow maps to ensure that the network tool does not receive more traffic than can be handled.

Abstract: A method of identifying targets for monitoring includes: obtaining a user-defined filter map, the user-defined filter map having one or more filter rules for matching against network traffic when the user-defined filter map is used by a network system to process the network traffic; and determining a set of one or more targets by a processing unit based at least in part on the user-defined filter map, wherein the processing unit comprises a target selection module configured to access a list of available targets from a database, and select the one or more targets from the list of available targets based at least in part on the user-defined filter map.

Abstract: A method for providing user access to a network switch appliance, includes: receiving from a user a request to access configuration item for the network switch appliance, the network switch appliance configured to pass packets received from a network to network monitoring instruments; and determining, using a processing unit, whether to allow the user to access the configuration item for the network switch appliance based on information regarding the user.

Abstract: Introduced here is a technique for using a network switch device, which may include commodity switching fabric, to route packets through an inline tool, without introducing any additional information to the packets. The introduced technique modifies standard capability of packet forwarding and learning port-to-MAC address associations to route data packets through the inline tool. The technique may include applying two override settings to the network device. A first override setting involves a forwarding rule that is based on the arrival port and the content of the packet. A second override setting involves disabling the MAC address learning mechanism for the packet received from the inline tool via the second tool port of the network device.

Abstract: Systems of redundant in-line network switch appliances are described. In an embodiment, a system includes a primary network switch appliance and a secondary network switch appliance communicatively coupled in-line between nodes on a computer network. A tool, for example for network monitoring, is communicatively coupled to the primary network switch appliance. In use, when the primary network switch appliance is in a first state, a bypass switch of the primary network switch appliance is configured to complete a communication path between the tool and a node on the computer network via a switching fabric of the primary network switch appliance. When the primary network switch appliance is in a second state, the bypass switch is configured to complete a communication path between the tool and the node on the computer network via the secondary network switch appliance, bypassing the switching fabric of the primary network switch appliance.

Abstract: Introduced herein is a technology for a network switch device to route network packets through a inline tool, without introducing additional information to the network packets. The technology records an association between an input network port and a signature (e.g., source MAC address) of the network packet, before forwarding the packet to the inline tool. When receiving the packet back from the inline tool, the network device recognizes that the packet signature is associated with the input network port, and that the input network port is paired with a particular output network port. Thus, the network device identifies the output network port for sending the packet, without modifying contents of the packet.

Abstract: With exponential growth in virtualized traffic within physical data centers, many end users (e.g., individuals and enterprises) have begun moving work processes and data to cloud computing platforms. However, accessing virtualized traffic traversing the cloud computing platforms for application, network, and security analysis is a challenge. Introduced here, therefore, are visibility platforms for monitoring virtualized traffic traversing a cloud computing platform, such as Amazon Web Services, VMware, and OpenStack. A visibility platform can be integrated into a cloud computing platform to provide a coherent view of virtualized traffic in motion across the cloud computing platform for a given end user. Said another way, a visibility platform can intelligently select, filter, and forward virtualized traffic belonging to an end user to a monitoring infrastructure, thereby eliminating traffic blind sports.

Abstract: A network appliance may include a signal splitter that splits an incoming signal into multiple portions. The signal splitter can direct one portion of the incoming signal to a switching fabric and another portion of the incoming signal to an optical switch. By monitoring the power intensity of the portion of the incoming signal received by the switching fabric, the network appliance can seamlessly switch between a bypass traffic path and a pass-through traffic path without losing network traffic caused by gaps in network connectivity. Such a configuration also enables the network appliance to maintain an accurate record of the logical connectivity state even when the network appliance is in the bypass state (i.e., when network traffic bypasses the switching fabric of the network appliance).

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a second bypass component, a first switch coupled to the first bypass component and the second bypass component, and a first controller; and a second inline-bypass switch appliance having a third bypass component, a fourth bypass component, a second switch coupled to the third bypass component and the fourth bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide one or more state signals that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the one or more state signals.

Abstract: A method of packet processing, includes: providing a plurality of network appliances that form a cluster, wherein two or more of the plurality of network appliances in the cluster are located at different geographical locations, are communicatively coupled via a private network or an Internet, and are configured to collectively perform out-of-band packet processing; receiving a packet by one of the network appliances in the cluster; processing the packet using two or more of the plurality of the appliances in the cluster; and passing the packet to one or more network monitoring tools after the packet is processed.

Abstract: Ternary content-addressable memory (TCAM) of an ingress appliance in a visibility fabric may include rules for filtering traffic received by the ingress appliance. But the TCAM has limited space for rules and can become easily exhausted. By migrating rules to other visibility nodes in the visibility fabric, the techniques introduced here allow the TCAM to be virtually extended across multiple visibility nodes. More specifically, upon receiving a data packet at an ingress port, the ingress visibility node can tag the data packet with an identifier based on which ingress port received the data packet. The ingress visibility node can then determine, based on the identifier, whether the data packet should be filtered using a rule stored in the TCAM of the ingress visibility node or a rule stored in the TCAM of some visibility node in the visibility fabric.

Abstract: A fabric manager includes: a processing unit having a service chain creation module configured to create a service chain by connecting some of a plurality of nodes via virtual links; wherein the some of the plurality of nodes represent respective network components of an auxiliary network configured to obtain packets from a traffic production network; and wherein the service chain is configured to control an order of the network components represented by the some of the plurality of nodes packets are to traverse.

Abstract: A method of monitoring virtualized network includes receiving information regarding the virtualized network, wherein the information is received at a port of a network switch appliance, receiving a packet at a network port of the network switch appliance, and using the received information to determine whether to process the packet according to a first packet processing scheme or a second packet processing scheme, wherein the first packet processing scheme involves performing header stripping, and performing packet transmission to one of a plurality of instrument ports at the network switch appliance after the header stripping, each of the instrument ports configured for communicatively coupling to a network monitoring instrument, and wherein the second packet processing scheme involves performing packet transmission to one of the plurality of instrument ports at the network switch appliance without performing any header stripping.

Abstract: A switch appliance includes a first network port for communication with a first node, where the first network port is configured to receive a packet, and a second network port for communication with a second node. The switch appliance further includes a first instrument port for communication with a first inline tool, a buffer, and a processing unit coupled to the first network port, the second network port, the first instrument port and the buffer. The processing unit is configured to determine whether a packet processing state has been set as an inline-tool processing state or a bypass state, and is configured to pass the packet to the second network port for transmission to the second node, and to store a copy of the packet in the buffer, if the packet processing state has not been set as the inline-tool processing state nor the bypass state.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a first switch coupled to the first bypass component, and a first controller; and a second inline-bypass switch appliance having a second bypass component, a second switch coupled to the second bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide a state signal that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the state signal.

Abstract: A network device includes: one or more ports for tapping to a network; and a processing unit configured for receiving a first packet tapped from the network, wherein the first packet is received at a first network port of the network device; determining a first identity of a first network equipment associated with the first packet based on a discovery protocol; and associating the first identity of the first network equipment with a first identity of the first network port of the network device at which the first packet is received; and a non-transitory medium for storing the first identity of the first network equipment and the first identity of the first network port in association with each other.

Abstract: A method of packet processing by a network switch appliance includes receiving a first packet at a first network port of the network switch appliance, determining a first workload at the network switch appliance at a first time instant, performing a task to process the first packet when the first workload is below a first prescribed threshold, and passing the first packet to an instrument port at the network switch appliance. A method of packet processing by a network switch appliance includes receiving a first packet at a first network port of the network switch appliance, determining a first resource at the network switch appliance at a first time instant, performing a task to process the first packet when the first resource is above a first prescribed threshold, and passing the first packet to an instrument port at the network switch appliance.

Abstract: A method of identifying targets for monitoring includes: obtaining a user-defined filter map, the user-defined filter map having one or more filter rules for matching against network traffic when the user-defined filter map is used by a network system to process the network traffic; and determining a set of one or more targets by a processing unit based at least in part on the user-defined filter map, wherein the processing unit comprises a target selection module configured to access a list of available targets from a database, and select the one or more targets from the list of available targets based at least in part on the user-defined filter map.