Abstract: A packet switch device for providing visibility of traffic in a network includes a housing, a processing unit located in the housing, a first network port communicatively coupled to the processing unit, wherein the first network port is configured to communicate with the network, a second network port communicatively coupled to the processing unit, wherein the second network port is configured to communicate with the network, and at least one instrument port communicatively coupled to the processing unit, the at least one instrument port configured to communicate with a first network monitoring instrument, wherein the processing unit is configured to support a movement of packets from one or both of the first and second network ports to the at least one instrument port.

Abstract: The present invention relates to a packet switch and a packet switching method. An example embodiment of the present invention comprises at least three network ports, at least one instrument port, a mux-switch, a packet switch fabric, and an address table. The embodiment updates the address table to include the source address of each ingress packet of each network port and associate the source address with that network port. The mux-switch routes the ingress packet traffic of each network port according to the identity of the network port so that at least a copy of the packet traffic of one of the network ports is routed to an instrument port. The packet switch fabric routes the packets from the instrument ports to the network ports according the destination address of the packet and the identity of the network port that is associated with the destination address as recorded in the address table.

Abstract: A packet switch system includes a packet switch appliance having a first network port configured to receive packets, and a first instrument port configured to communicate with a network monitoring tool, a storage system for storing the packets, and an integrated circuit configured to retrieve the packets from the storage system, and retroactively transmit the packets to the first instrument port in a play-back configuration in response to a user's command.

Abstract: A method of implementing map sharing for a network switch appliance, the network switch appliance having a plurality of network ports and a plurality of instrument ports, the method includes: receiving a first input for creating a map for the network switch appliance, wherein the map comprises one or more packet processing rules, and wherein the act of receiving the first input is performed by a processing unit; receiving a second input for prescribing a map sharing privilege for the map; and storing the map and the map sharing privilege in association with the map in a non-transitory medium.

Abstract: A method of monitoring network traffic includes accessing a network that includes a controller and a switch device having a flow table, wherein the controller is communicatively coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol, and obtaining information regarding the programmed behavior of the switch device, wherein the act of obtaining the information is performed by a network appliance that is communicatively coupled to the network. An apparatus communicatively coupled to a network, includes a processor configured for accessing the network that includes a controller and a switch device having a flow table, wherein the controller is communicatively coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol, and obtaining information regarding the programmed behavior of the switch device.

Abstract: A network switch apparatus, includes: a network port configured to receive a packet; instrument ports configured to communicate with respective network monitoring instruments; a packet duplication module configured to copy the packet to provide multiple packets that are identical to each other; a tagging module configured to tag the multiple packets with different respective identifiers to obtain tagged packets; and a processing unit coupled to the instrument ports; wherein the processing unit is configured to determine whether a first one of the tagged packets satisfies a first criterion, whether a second one of the tagged packets satisfies a second criterion, process the first one of the tagged packets in a first manner if the first one of the tagged packets satisfies the first criterion, and process the second one of the tagged packets in a second manner if the second one of the tagged packets satisfies the second criterion.

Abstract: The present invention relates to a packet switch and a packet switching method. An example embodiment of the present invention comprises at least three network ports, at least one instrument port, a mux-switch, a packet switch fabric, and an address table. The embodiment updates the address table to include the source address of each ingress packet of each network port and associate the source address with that network port. The mux-switch routes the ingress packet traffic of each network port according to the identity of the network port so that at least a copy of the packet traffic of one of the network ports is routed to an instrument port. The packet switch fabric routes the packets from the instrument ports to the network ports according the destination address of the packet and the identity of the network port that is associated with the destination address as recorded in the address table.

Abstract: Packets can be intelligently sliced by removing irrelevant portions of a packet, while retaining relevant portions. For a series of network packets, a packet is obtained from the network. The packet includes at least a header, one or more packet fields, and a first data payload. The protocol of the packet is determined. Once the protocol is known, the packet header is parsed to determine the position of the first data payload. Based on the determine positions of the first data payload, a modified packet is created by removing or masking the first data payload.

Abstract: A method of configuring a network component includes providing a plurality of templates, each of which is selectable for configuring the network component, wherein each of the templates has a set of available attributes associated thereto and includes a plurality of entry groups, each of the entry groups including a plurality of entries for allowing network processing rules that involve one or more of the attributes to be entered. The method also includes receiving an input regarding a desired attribute to be considered in a network process, and selecting one of the templates for configuring the network component based on the received input, wherein the act of selecting is performed automatically using a processor.

Abstract: A packet switch appliance includes a plurality of ports. One of the plurality of ports is configured to operate as a network port connected to a packet-switching network. Another of the plurality of ports is configured to operate as a first instrument port connected to a network instrument. To filter packets, one or more packets or copies of packets received through the first network port are examined prior to the packets or copies of packets being sent out the first instrument port to determine a current state of a state-based protocol, which includes a plurality of potential states. A filter is created or modified for the first network port or the first instrument port based on the determined current state of the state-based protocol.

Abstract: A method of packet processing, includes: providing a plurality of network appliances that form a cluster, wherein two or more of the plurality of network appliances in the cluster are located at different geographical locations, are communicatively coupled via a private network or an Internet, and are configured to collectively perform out-of-band packet processing; receiving a packet by one of the network appliances in the cluster; processing the packet using two or more of the plurality of the appliances in the cluster; and passing the packet to one or more network monitoring tools after the packet is processed.

Abstract: A method for use to configure a network switch device to implement a traffic flow configuration, the network switch device having a plurality of network ports and a plurality of instrument ports, the method includes: receiving instrument port information that identifies one or more of the instrument ports for the traffic flow configuration, wherein the instrument port information is received by a processing unit; receiving network port information that identifies one or more of the network ports for the traffic flow configuration; receiving traffic information that identifies one or more network traffic for the traffic flow configuration, wherein the traffic information is received after the instrument port information is received or after the network port information is received; and storing the instrument port information, the traffic information, and the network port information in association with each other to implement the traffic flow configuration.

Abstract: A method of packet processing includes receiving a packet at one of a plurality of network ports at a switch device, tagging the packet with a first identification, tagging the packet with a second identification, using a first table to determine a first set of output port identifications based at least in part on the first identification, using a second table to determine a second set of output port identifications based at least in part on the second identification, and performing a logical operation using the first set of output port identifications and the second set of output port identifications to identify one or more of a plurality of output ports at the switch device.

Abstract: A method for sampling packets for a network flow, includes: receiving a packet at a network port of a network switch appliance, the network switch appliance comprising an instrument port for communication with a network monitoring instrument; determining whether the packet belongs to a network flow that is desired to be monitored, wherein the act of determining is performed based at least in part on one or more information in a control plane using a processing unit; and passing the packet to the instrument port if the packet belongs to the network flow.

Abstract: A method of packet processing includes receiving a first packet that includes a header, the header having a plurality of fields, one of the plurality of fields being an identification field, determining an identification value for the identification field in the header of the first packet, determining whether the identification value of the first packet matches an identification value in a header of a second packet, and using another one of the fields in the header of the first packet to determine whether the first packet is a duplicate packet when the identification value of the first packet matches the identification value of the second packet.

Abstract: A network switch apparatus includes a first network port, a second network port, a first inline port, a second inline port, wherein the first and second inline ports are for communication with a pass-through device, a packet switch, and a by-pass device configured to operate in a first mode of operation, wherein in the first mode of operation, the by-pass device is configured to pass a first packet received at the first network port to the packet switch. The by-pass device is configured to switch from the first mode of operation to a second mode of operation upon an occurrence of a condition, and wherein in the second mode of operation, the by-pass device is configured to transmit a second packet received at the first network port to the second network port without passing the second packet to the packet switch.

Abstract: A first instrument port of a packet switch appliance is connected to a first data storage device. A second port is configured as a first network port. A first meta-data tag is created for a first block of packets received through the first network port. The first block is sent to the first data storage device through the first instrument port. The first meta-data tag or copy is sent to the first data storage device and/or a storage management server. A second instrument port of the packet switch appliance is connected to a second data storage device. A second meta-data tag is created for a second block of packets received through the first network port. The second block is sent to the second data storage device through the second instrument port. The second meta-data tag or copy is sent to the second data storage device and/or the storage management server.

Abstract: A packet switch appliance for connection to a packet switching network, the packet switch appliance has a motherboard that includes a processor, a network switch chip, and a connector. The packet switch appliance also includes a daughter board configured to be removably connected to the motherboard through the connector. The daughter board may include one or more of a network switch chip and a processor unit.

Abstract: A method and apparatus for performing packet time measurements. In one embodiment, the method comprises transmitting a packet in the network from a sender to a receiver through a plurality of devices; creating a plurality of packets by copying the packet at each of the plurality of devices as the packet is being transmitted through the plurality of devices, including adding a time stamp to each packet in the plurality of packets, wherein time stamps of plurality of packets are generated with data from time stamp engines synchronized to a global clock; sending the plurality of packets with their time stamps to a tool; and performing analysis on the plurality of packets using the tool.

Abstract: A packet switch appliance includes a plurality of ports. One of the plurality of ports is configured to operate as a network port connected to a packet-switching network. To map the network port of the packet switch appliance, a port map is created. The port map includes a first map rule, which has a first criterion and a first action, and at least a second map rule, which has a second criterion and a second action. The port map is assigned to the network port. When an ingress packet is received from the packet-switching network through the network port, the port map is applied to the ingress packet.