Abstract: Aspects of the present disclosure provide a suitable architecture for a router controller which configures forwarding rules in a packet router of a network visibility system. In an embodiment, the router controller contains multiple controller blocks, with each controller block to examine a corresponding set of packets and to generate a respective set of forwarding rules for configuring the packet router. The router controller may also contain a switch to receive multiple packets and to forward to each controller block the corresponding set of packets. Each controller block may forward the respective set of forwarding rules to the switch, with the switch in turn configuring the packet router with the respective set of forwarding rules.

Abstract: Aspects of the present disclosure provide a suitable architecture for a router controller which configures forwarding rules in a packet router of a network visibility system. In an embodiment, the router controller contains multiple controller blocks, with each controller block to examine a corresponding set of packets and to generate a respective set of forwarding rules for configuring the packet router. The router controller may also contain a switch to receive multiple packets and to forward to each controller block the corresponding set of packets. Each controller block may forward the respective set of forwarding rules to the switch, with the switch in turn configuring the packet router with the respective set of forwarding rules.

Abstract: Techniques for implementing traffic deduplication in a visibility network are provided. According to one embodiment, a packet broker of the visibility network can receive a control or data packet replicated from a core network. The packet broker can then apply a first stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on one or more interfaces of the core network from which the control or data packet originated, and apply a second stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on the content (e.g., payload) of the control or data packet.

Abstract: Techniques for exchanging control and configuration information in a network visibility system are provided. In one embodiment, a control plane component of the network visibility system can receive one or more first messages from a data plane component of the network visibility system, where the one or more first messages define one or more forwarding resources available on the data plane component. The control plane component can further retrieve configuration information stored on the control plane component that comprises one or more network prefixes to be monitored by the network visibility system, and can determine one or more mappings between the network prefixes and the forwarding resources. Upon determining the one or more mappings, the control plane component can generate one or more packet forwarding rules based on the mappings.

Abstract: Aspects of the present disclosure enable a router controller to maintain a default rules table indicating allocation of internet protocol (IP) addresses (of general packet radio service (GPRS) tunneling protocol (GTP) packets) to respective output ports. In an embodiment, the router controller receives information indicating the respective tunnel endpoint IP addresses of a control session and a data session. The router controller is configured to determine whether such IP addresses of the control session and the data session(s) are allocated to the same output port. In response to the IP addresses of the control session and the data session not being allocated to the same output port, the router controller is configured to generate a dynamic rule to forward packets of both the control session and the data session to the same output port.

Abstract: A network visibility system includes a packet router and a router controller. The router controller programs respective forwarding rules in each of a set of load-sharing components of the packet router. Each load-sharing component in the set is designed to forward communication packets according to the respective programmed packet-forwarding rules. The router controller receives, from the packet router, information indicating an update to the availability status of components in the set of components. The router controller updates the respective forwarding rules to reflect the update to the availability status.

Abstract: Techniques for implementing traffic deduplication in a visibility network are provided. According to one embodiment, a packet broker of the visibility network can receive a control or data packet replicated from a core network. The packet broker can then apply a first stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on one or more interfaces of the core network from which the control ot data packet originated, and apply a second stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on the content (e.g., payload) of the control or data packet.

Abstract: Techniques for implementing a software-based packet broker in a visibility network are provided. According to one embodiment, the software-based packet broker can comprise a network device and a cluster of one or more processing nodes. The network device can receive a control or data packet replicated from a core network and forward the control or data packet to the cluster of one or more processing nodes. At least one processing node in the cluster can then execute, in software, one or more packet processing functions on the control or data packet, where the one or more packet processing functions are operable to determine an egress port of the network device through which the control or data packet should be forwarded to a probe/tool of the visibility network for analysis.

Abstract: Aspects of the present disclosure enable a router controller to maintain a default rules table indicating allocation of internet protocol (IP) addresses (of general packet radio service (GPRS) tunneling protocol (GTP) packets) to respective output ports. In an embodiment, the router controller receives information indicating the respective tunnel endpoint IP addresses of a control session and a data session. The router controller is configured to determine whether such IP addresses of the control session and the data session(s) are allocated to the same output port. In response to the IP addresses of the control session and the data session not being allocated to the same output port, the router controller is configured to generate a dynamic rule to forward packets of both the control session and the data session to the same output port.

Abstract: Aspects of the present disclosure enable a router controller to maintain a default rules table indicating allocation of IP addresses (of GTP packets) to respective output ports. In an embodiment, the router controller receives information indicating the respective tunnel endpoint IP addresses of a control session and a data session of a user. The router controller is configured to determine whether such IP addresses of the control session and the data session(s) are allocated to the same output port. If the IP addresses of the control session and the data session are not allocated to the same output port, router controller is configured to generate a dynamic rule to force packets of both the control session and the data session to the same output port.

Abstract: Techniques for implementing traffic deduplication in a visibility network are provided. According to one embodiment, a packet broker of the visibility network can receive a control or data packet replicated from a core network. The packet broker can then apply a first stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on one or more interfaces of the core network from which the control or data packet originated, and apply a second stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on the content (e.g., payload) of the control or data packet.

Abstract: A network visibility system provided according to an aspect of the present disclosure forms rules for routing of packets to appropriate analytic server, based on IP addresses discovered while processing packets. Due to such discovery and forming of rules based on discovery, manual configuration of the network visibility system can be avoided. In an embodiment, the network visibility system comprises a packet router and a router controller. The router controller receives the examined packets from the packet router and configures the packet router with the formed rules.

Abstract: Techniques for implementing a software-based packet broker in a visibility network are provided. According to one embodiment, the software-based packet broker can comprise a network device and a cluster of one or more processing nodes. The network device can receive a control or data packet replicated from a core network and forward the control or data packet to the cluster of one or more processing nodes. At least one processing node in the cluster can then execute, in software, one or more packet processing functions on the control or data packet, where the one or more packet processing functions are operable to determine an egress port of the network device through which the control or data packet should be forwarded to a probe/tool of the visibility network for analysis.

Abstract: Techniques for implementing traffic deduplication in a visibility network are provided. According to one embodiment, a packet broker of the visibility network can receive a control or data packet replicated from a core network. The packet broker can then apply a first stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on one or more interfaces of the core network from which the control or data packet originated, and apply a second stage deduplication process in which the packet broker attempts to deduplicate the control or data packet based on the content (e.g., payload) of the control or data packet.

Abstract: Aspects of the present disclosure enable a router controller to maintain a default rules table indicating allocation of IP addresses (of GTP packets) to respective output ports. In an embodiment, the router controller receives information indicating the respective tunnel endpoint IP addresses of a control session and a data session of a user. The router controller is configured to determine whether such IP addresses of the control session and the data session(s) are allocated to the same output port. If the IP addresses of the control session and the data session are not allocated to the same output port, router controller is configured to generate a dynamic rule to force packets of both the control session and the data session to the same output port.

Abstract: A network visibility system includes a packet router and a router controller. The router controller programs respective forwarding rules in each of a set of load-sharing components of the packet router. Each load-sharing component in the set is designed to forward communication packets according to the respective programmed packet-forwarding rules. The router controller receives, from the packet router, information indicating an update to the availability status of components in the set of components. The router controller updates the respective forwarding rules to reflect the update to the availability status.

Abstract: Aspects of the present disclosure provide a suitable architecture for a router controller which configures forwarding rules in a packet router of a network visibility system. In an embodiment, the router controller contains multiple controller blocks, with each controller block to examine a corresponding set of packets and to generate a respective set of forwarding rules for configuring the packet router. The router controller may also contain a switch to receive multiple packets and to forward to each controller block the corresponding set of packets. Each controller block may forward the respective set of forwarding rules to the switch, with the switch in turn configuring the packet router with the respective set of forwarding rules.

Abstract: A network visibility system provided according to an aspect of the present disclosure forms rules for routing of packets to appropriate analytic server, based on IP addresses discovered while processing packets. Due to such discovery and forming of rules based on discovery, manual configuration of the network visibility system can be avoided. In an embodiment, the network visibility system comprises a packet router and a router controller. The router controller receives the examined packets from the packet router and configures the packet router with the formed rules.

Abstract: Techniques for exchanging control and configuration information in a network visibility system are provided. In one embodiment, a control plane component of the network visibility system can receive one or more first messages from a data plane component of the network visibility system, where the one or more first messages define one or more forwarding resources available on the data plane component. The control plane component can further retrieve configuration information stored on the control plane component that comprises one or more network prefixes to be monitored by the network visibility system, and can determine one or more mappings between the network prefixes and the forwarding resources. Upon determining the one or more mappings, the control plane component can generate one or more packet forwarding rules based on the mappings.

Abstract: Techniques for efficiently programming forwarding rules in a network system are provided. In one embodiment, a control plane component of the network system can determine a packet forwarding rule to be programmed into a forwarding table of a service instance residing on a data plane component of the network system. The control plane component can then generate a message comprising the packet forwarding rule and a forwarding table index and transmit the message to a given service instance of the data plane component. Upon receiving the message, the data plane component can directly forward the message to the service instance. The packet forwarding rule can then be programmed into a forwarding table of the service instance, at the specified forwarding table index, without involving the management processor of the data plane component.