Patents by Inventor Matthew R. Bergeron

Matthew R. Bergeron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210083857
    Abstract: A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
    Type: Application
    Filed: November 25, 2020
    Publication date: March 18, 2021
    Inventor: Matthew R. Bergeron
  • Patent number: 10903985
    Abstract: A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: January 26, 2021
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD.
    Inventor: Matthew R. Bergeron
  • Publication number: 20200366588
    Abstract: According to one method, the method occurs at a first test device located inline between at least one traffic source and a network and/or system under test (NSUT), wherein the first test device is implemented using at least one processor and at least one memory. The method includes receiving, from a test controller, impairment rules generated from baseline metrics based on monitored live traffic for effecting traffic impairments; receiving traffic destined to the NSUT; impairing the traffic destined to the NSUT based on the impairment rules; sending the impaired traffic towards the NSUT, wherein the NSUT processes the impaired traffic; and sending, from the test device or a related tap, response information from the NSUT to the test controller for analyzing NSUT performance.
    Type: Application
    Filed: May 17, 2019
    Publication date: November 19, 2020
    Inventor: Matthew R. Bergeron
  • Patent number: 10812349
    Abstract: The subject matter described herein relates to methods, systems, and computer readable media for triggering dynamic, on-demand activation of cloud-based network visibility tools. One method includes steps that occur in a network visibility platform including at least one processor. The method further includes classifying, using a classifier implemented by the at least one processor, packets or network metadata into groups of related packets or network metadata. The method further includes generating, using an event notification generator implemented by the at least one processor, event notifications based on the groups of related packets or network metadata classified by the classifier. The method further includes communicating, by the event notification generator, the event notifications to a cloud network for triggering dynamic on-demand activation of at least one cloud-based network visibility tool to process the groups of related packets or network metadata classified by the classifier.
    Type: Grant
    Filed: January 17, 2019
    Date of Patent: October 20, 2020
    Assignee: Keysight Technologies, Inc.
    Inventors: Kristopher Len Raney, Matthew R. Bergeron
  • Publication number: 20200067700
    Abstract: A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
    Type: Application
    Filed: August 27, 2018
    Publication date: February 27, 2020
    Inventor: Matthew R. Bergeron
  • Publication number: 20190297057
    Abstract: A method for dynamic firewall configuration for accessing service hosted in virtual networks includes monitoring, in a virtual network, changes in an Internet protocol (IP) address of a service hosted in a virtual network. The method further includes detecting a change in the IP address of the service hosted in the virtual network. The method further includes communicating notification of the change in IP address to a firewall policy management interface. The method further includes automatically configuring a firewall to allow access to the service hosted in the virtual network.
    Type: Application
    Filed: March 24, 2018
    Publication date: September 26, 2019
    Inventors: Kristopher Len Raney, Winston Wencheng Liu, Matthew R. Bergeron
  • Publication number: 20190260651
    Abstract: The subject matter described herein relates to methods, systems, and computer readable media for triggering dynamic, on-demand activation of cloud-based network visibility tools. One method includes steps that occur in a network visibility platform including at least one processor. The method further includes classifying, using a classifier implemented by the at least one processor, packets or network metadata into groups of related packets or network metadata. The method further includes generating, using an event notification generator implemented by the at least one processor, event notifications based on the groups of related packets or network metadata classified by the classifier. The method further includes communicating, by the event notification generator, the event notifications to a cloud network for triggering dynamic on-demand activation of at least one cloud-based network visibility tool to process the groups of related packets or network metadata classified by the classifier.
    Type: Application
    Filed: January 17, 2019
    Publication date: August 22, 2019
    Inventors: Kristopher Len Raney, Matthew R. Bergeron
  • Patent number: 10230824
    Abstract: Methods, systems, and computer readable media for packet classification are disclosed. According to one method, the method includes receiving a packet containing header information for packet classification. The method also includes determining, using the header information, a first memory address identifier. The method further includes determining, using the first memory address identifier, memory pointer information indicating a second memory address identifier. The method also includes obtaining, using the memory pointer information indicating the second memory address identifier, packet related information from a memory. The method further includes performing, using the packet related information, a packet classification action.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: March 12, 2019
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTE.
    Inventor: Matthew R. Bergeron
  • Patent number: 10178003
    Abstract: Metadata associated with client application instances running in virtual machine (VM) platforms within virtual processing environments is collected by monitor applications also running within the VM platforms. The instance metadata is transmitted to and received by a monitor control platform which in turn stores the instance metadata within a monitor instance registry. The instance metadata is updated through solicited or unsolicited updates. The instance metadata is used to identify groups of application instances, and these groups are used to determine target instances for monitoring or management actions based upon later detected network events such as network security or threat events. Further, trust scores can be determined for components of the metadata stored in the instance registry, and composite trust scores can be generated and used to identify one or more groups of application instances.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: January 8, 2019
    Assignee: Keysight Technologies Singapore (Holdings) Pte Ltd
    Inventors: Kristopher Raney, Matthew R. Bergeron
  • Publication number: 20180367422
    Abstract: Systems and methods are disclosed for drop detection and protection with respect to packet monitoring in virtual processing environments. Tap agents monitor and capture packets from the network traffic associated with network applications running within these virtual processing environments. Sequence numbers are added in packet encapsulation before tap packets are forwarded to tool agents. The tool agents then use the sequence numbers to detect packet drops within the tap packets. After drop detection, the tool agents send drop detection messages to an agent controller, and the agent controller generates and sends reconfiguration messages to the tap agents based upon the drop detection messages. The tool agents can also send drop detection messages directly to the tap agents. The tap agents adjust their operations based upon the reconfiguration messages and/or the drop detection messages to reduce packet drops within subsequent tap packets communications.
    Type: Application
    Filed: April 10, 2018
    Publication date: December 20, 2018
    Inventors: Kristopher Raney, Matthew R. Bergeron
  • Patent number: 10122636
    Abstract: Methods, systems, and computer readable media for processing data units are disclosed. According to one method, the method occurs at a network interface of a computing platform having per data unit processing overhead that limits throughput of the network interface. The method includes concatenating multiple individual data units into a concatenated data unit (CDU), wherein the CDU includes a header portion for at least one of the multiple data units, processing the CDU as a single data unit rather than as multiple individual data units such that the CDU incurs processing overhead of a single data unit rather than that of multiple individual data units, and de-concatenating the CDU into the multiple individual data units.
    Type: Grant
    Filed: July 10, 2014
    Date of Patent: November 6, 2018
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.
    Inventors: Matthew R. Bergeron, Bryan Rittmeyer
  • Publication number: 20180293163
    Abstract: Methods, systems, and computer readable media for optimizing storage of application data in memory are disclosed. According to one method for optimizing storage of application data in memory, the method includes receiving application data associated with an application. The method also includes generating, using information about the application, information about a processor, and information about a memory, a memory map indicating one or more memory locations in the memory for storing the application data. The method further includes storing, using the memory map, the application data in the one or more memory locations. The method also includes executing, using the processor, the application that uses the application data.
    Type: Application
    Filed: April 9, 2018
    Publication date: October 11, 2018
    Inventor: Matthew R. Bergeron
  • Publication number: 20180176106
    Abstract: Systems and methods are disclosed for instance based management and control for virtual machine (VM) platforms in virtual processing environments. Metadata associated with client application instances running in VM platforms are collected by monitor applications also running within the VM platforms. The instance metadata is transmitted to and received by a monitor control platform which in turn stores the instance metadata within a monitor instance registry. The instance metadata is updated through solicited or unsolicited updates. The instance metadata is used to identify groups of application instances, and these groups are used to determine target instances for monitoring or management actions based upon later detected network events such as network security or threat events. Further, trust scores can be determined for components of the metadata stored in the instance registry, and composite trust scores can be generated and used to identify one or more groups of application instances.
    Type: Application
    Filed: December 15, 2016
    Publication date: June 21, 2018
    Inventors: Kristopher Raney, Matthew R. Bergeron
  • Patent number: 9813226
    Abstract: Methods, systems, and computer readable media for modeling a clock are disclosed. According to one exemplary method, the method occurs at a monitoring module associated with a first node. The method includes receiving packets from a second node, extracting timestamps from at least two of the packets, and generating, using the timestamps, clock related information for generating a local clock model indicative of a precision of a local clock at the first node relative to a clock at the second node.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: November 7, 2017
    Assignee: IXIA
    Inventor: Matthew R. Bergeron
  • Patent number: 9807204
    Abstract: Methods, systems, and computer readable media for optimized message processing are disclosed. According to one exemplary method, the method includes receiving a message including header information. The method further includes determining, using the header information, whether a fast-path identification rule exists for identifying the message. The method also includes in response to determining that the fast-path identification rule does not exist, identifying the message using slow-path processing, determining the fast-path identification rule using the slow-path processing, and storing the fast-path identification rule in a memory.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: October 31, 2017
    Assignee: Ixia
    Inventor: Matthew R. Bergeron
  • Patent number: 9614614
    Abstract: Methods, systems, and computer readable media for locating a physical connector module are disclosed. According to one aspect, the subject matter described herein includes a method that includes selecting, via a locator beacon activation control function, a physical connector module to be located. The method further includes communicating, from the locator beacon activation control function, a locator beacon activation signal to a locator beacon activation client function included in the selected physical connector module and, in response to receiving the locator beacon activation signal at the locator beacon activation client function, triggering a transmission of a locator beacon from the selected physical connector module.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: April 4, 2017
    Assignee: IXIA
    Inventor: Matthew R. Bergeron
  • Patent number: 9578141
    Abstract: Methods, systems, and computer readable media for packet flow modification are disclosed. According to one method, the method includes receiving one or more packets associated with a packet flow. The method also includes modifying payload information in the one or more packets. The method further includes receiving a subsequent packet associated with the packet flow. The method also includes modifying transport layer or higher layer information in the subsequent packet using information associated with the modified payload information or the packet flow.
    Type: Grant
    Filed: February 11, 2014
    Date of Patent: February 21, 2017
    Assignee: IXIA
    Inventor: Matthew R. Bergeron
  • Publication number: 20170041126
    Abstract: Methods, systems, and computer readable media for modeling a clock are disclosed. According to one exemplary method, the method occurs at a monitoring module associated with a first node. The method includes receiving packets from a second node, extracting timestamps from at least two of the packets, and generating, using the timestamps, clock related information for generating a local clock model indicative of a precision of a local clock at the first node relative to a clock at the second node.
    Type: Application
    Filed: August 5, 2015
    Publication date: February 9, 2017
    Inventor: Matthew R. Bergeron
  • Patent number: 9553786
    Abstract: Methods, systems, and computer readable media for storing data associated with packet related metrics are disclosed. According to one method, the method includes generating a test packet including a port tuple sequence number (PTSN), wherein the PTSN indicates a number of packets across multiple flows associated with a same port tuple, wherein the port tuple indicates an ingress port and an egress port that the test packet traverses at a device under test (DUT), and storing the PTSN in an entry of a data structure, wherein the entry is indexed by the port tuple.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: January 24, 2017
    Assignee: Ixia
    Inventor: Matthew R. Bergeron
  • Patent number: 9537785
    Abstract: Methods, systems, and computer readable media for link aggregation group (LAG) link allocation are disclosed. According to one method for indirect LAG link allocation, the method includes status information associated with a LAG. The method also includes at a first network node, utilizing the status information to set path identifiers in packets for controlling LAG allocation. The method further includes at a second network node separate from the first network node, receiving the packets and allocating LAG links to the packets based on the path identifiers.
    Type: Grant
    Filed: August 14, 2014
    Date of Patent: January 3, 2017
    Assignee: IXIA
    Inventor: Matthew R. Bergeron