Abstract: Methods and systems for implementing traffic mirroring for network telemetry are disclosed. An embodiment of a method for implementing traffic mirroring for network telemetry involves identifying network traffic at a network appliance that is to be subjected to traffic mirroring for network telemetry, and selecting from available options of transmitting enhanced mirrored network traffic from the network appliance to a collector, wherein the enhanced mirrored network traffic is generated at the network appliance by at least one of compressing and encrypting the network traffic, and transmitting mirrored network traffic from the network appliance to the collector without compressing or encrypting the network traffic.

Abstract: Inbound packets can be received by a network device that determines a receive pipeline latency metric based on a plurality of receive pipeline residency times of the inbound packets and determines a receive queue latency metric based on a plurality of receive queue residency times of the inbound packets. The receive queue latency metric and the receive pipeline latency metric can be reported to a data collector. The network appliance may also receive a plurality of outbound packets on a transmit queue, determine a transmit queue latency metric based on the transmit queue residency times of the outbound packets, and determine a transmit pipeline latency metric based on the transmit pipeline residency times of the outbound packets. The outbound packets may be transmitted toward their destination. The transmit queue latency metric and the transmit pipeline latency metric can be reported to the data collector.

Abstract: Methods and systems for implementing traffic mirroring for network telemetry are disclosed. An embodiment of a method for implementing traffic mirroring for network telemetry involves identifying network traffic at a network appliance that is to be subjected to traffic mirroring for network telemetry, and selecting from available options of transmitting enhanced mirrored network traffic from the network appliance to a collector, wherein the enhanced mirrored network traffic is generated at the network appliance by at least one of compressing and encrypting the network traffic, and transmitting mirrored network traffic from the network appliance to the collector without compressing or encrypting the network traffic.

Abstract: Synchronizing the databases maintained by network appliances can support high availability or high throughput topologies, but also consumes the devices' processing resources. To address that resource consumption, the network appliance's packet processing pipeline circuits can process synchronization packets to thereby synchronize the databases. A local data structure can be in a first local state. Processing a network packet can result in changing the local data structure to a second local state. A state sync packet can include state transition data that indicates a state difference between the first local state and the second local state. The state sync packet can be sent to a peer device that is configured to process the state transition data using the peer device's packet processing pipeline circuit. The peer device's packet processing pipeline can use the state transition data to update a peer device data structure that is in the peer device.

Abstract: Tenants in data centers may want access to high precision clocks without having to run their own PTP stacks or reference clocks. Furthermore, different tenants may want their workloads synchronized to their own secured clock domain. PTP, the currently dominant synchronization protocol, allows for only 256 clock domains (CDs). Virtual CDs (vCDs) virtualize the concept of clock domains by maintaining a hardware clock within a host computer, receiving a network clock domain packet that includes a clock domain identifier and an origin timestamp produced by a reference clock, using the network clock domain packet to synchronize the hardware clock to the reference clock, and using the hardware clock to provide a hardware timestamp value to a virtual machine (VM) running on the host computer or to a process running on the host computer, wherein the hardware clock is secured from manipulation by the VM or by the process.

Abstract: Inbound packets can be received by a network device that determines a receive pipeline latency metric based on a plurality of receive pipeline residency times of the inbound packets and determines a receive queue latency metric based on a plurality of receive queue residency times of the inbound packets. The receive queue latency metric and the receive pipeline latency metric can be reported to a data collector. The network appliance may also receive a plurality of outbound packets on a transmit queue, determine a transmit queue latency metric based on the transmit queue residency times of the outbound packets, and determine a transmit pipeline latency metric based on the transmit pipeline residency times of the outbound packets. The outbound packets may be transmitted toward their destination. The transmit queue latency metric and the transmit pipeline latency metric can be reported to the data collector.

Abstract: A network appliance having a control plane and a data plane can process substantially every input packet at wire speed in a programmable packet processing pipeline of the data plane. Sensors, which can be processes implemented within the pipeline, can measure parameters of the network traffic flows and of the network appliance in accordance with monitoring policies. Reporting policies can be triggered when any one of many criteria are met by the parameters. The reporting policy can result in a report being sent to an outside recipient. Alternatively, the reporting policy can result in the network appliance implementing additional monitoring or reporting policies.

Abstract: A network appliance having a control plane and a data plane can process substantially every input packet at wire speed in a programmable packet processing pipeline of the data plane. Sensors, which can be processes implemented within the pipeline, can measure parameters of the network traffic flows and of the network appliance in accordance with monitoring policies. Reporting policies can be triggered when any one of many criteria are met by the parameters. The reporting policy can result in a report being sent to an outside recipient. Alternatively, the reporting policy can result in the network appliance implementing additional monitoring or reporting policies.

Abstract: Methods and systems for exporting network information from an exporter to a collector are disclosed. Embodiments of the present technology may include updating a non-key field of a flow entry in a flow cache that corresponds to a flow, setting a field in a context-bitmap of the flow entry in response to updating the non-key field of the flow entry, identifying an export policy using the context-bitmap, and exporting information related to the flow to a collector according to the export policy.

Abstract: Control plane analytics and policing may be provided. First, packets that traverse a port may be parsed. Next, based on the parsed packets, metrics for each of a plurality of hosts on a per-protocol basis may be created. The created metrics may then be analyzed and at least one restriction on at least one of the plurality of hosts may be applied based on the analysis.

Abstract: In one example, a security application that interfaces one or more cloud application clients in an enterprise network and one or more cloud applications detects a request made by one of the one or more cloud application clients to access a cloud application. The security application sends one or more prompts to the cloud application for one or more responses reflecting current empirical data obtained from the cloud application. The security application receives, from the cloud application, the one or more responses, and generates an application fingerprint that includes the one or more responses.

Abstract: Control plane analytics and policing may be provided. First, packets that traverse a port may be parsed. Next, based on the parsed packets, metrics for each of a plurality of hosts on a per-protocol basis may be created. The created metrics may then be analyzed and at least one restriction on at least one of the plurality of hosts may be applied based on the analysis.

Abstract: In one example, a security application that interfaces one or more cloud application clients in an enterprise network and one or more cloud applications detects a request made by one of the one or more cloud application clients to access a cloud application. The security application sends one or more prompts to the cloud application for one or more responses reflecting current empirical data obtained from the cloud application. The security application receives, from the cloud application, the one or more responses, and generates an application fingerprint that includes the one or more responses.

Abstract: In one embodiment, the processing by a packet switching device of a received network-to-link-layer address resolution request message (e.g., Address Resolution Protocol [ARP] Request message, Neighbor Discovery Protocol [NDP] Neighbor Solicitation message) is dependent upon whether or not its target IP address corresponds to a network gateway packet switching device. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message corresponds to a network gateway, then the packet switching device responds effectively on behalf of the network gateway, rather than forwarding the message to the network gateway. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message does not correspond to a network gateway and the Media Access Control (MAC) address corresponding to the target IP address is known, then the packet switching device transforms then sends the broadcast or multicast frame into a unicast frame.

Abstract: In one embodiment, a method includes receiving at a network device, resource information comprising attributes for compute and storage resources in a network, identifying a need for provisioning a virtual element, and selecting one of the compute and storage resources for use in provisioning the virtual element. Selection of the compute or storage resource includes analyzing the resource information for the compute resources and the storage resources in the network. An apparatus is also disclosed.

Abstract: In one embodiment, the processing by a packet switching device of a received network-to-link-layer address resolution request message (e.g., Address Resolution Protocol [ARP] Request message, Neighbor Discovery Protocol [NDP] Neighbor Solicitation message) is dependent upon whether or not its target IP address corresponds to a network gateway packet switching device. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message corresponds to a network gateway, then the packet switching device responds effectively on behalf of the network gateway, rather than forwarding the message to the network gateway. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message does not correspond to a network gateway and the Media Access Control (MAC) address corresponding to the target IP address is known, then the packet switching device transforms then sends the broadcast or multicast frame into a unicast frame.

Abstract: In one embodiment, a method includes receiving at a network device, resource information comprising attributes for compute and storage resources in a network, identifying a need for provisioning a virtual element, and selecting one of the compute and storage resources for use in provisioning the virtual element. Selection of the compute or storage resource includes analyzing the resource information for the compute resources and the storage resources in the network. An apparatus is also disclosed.

Abstract: According to the present invention, methods and apparatus are provided for improving data transfers between hosts and targets connected through fiber channel switches. A host connected intelligent port and a target connected intelligent port associated with fiber channel edge switches are configured to snoop frames from the host and target and establish flows for acceleration. The host connected intelligent port and the target connect intelligent port preemptively respond to host and target transmissions to reduce data transfer latency.

Abstract: Methods and apparatus are provided for improving the configuration and allocation of storage resources in a fiber channel fabric. Network topology information and loop topology information is used to increase data availability and data access efficiency. For example, devices in different loops are selected for striping and devices connected to a host through different ports and switches are selected for mirroring. Link speed, quality of service, credits, and the availability of trunking links can also be considered.

Abstract: Disclosed are apparatus and methods for facilitating caching in a storage area network (SAN). In general, data transfer traffic between one or more hosts and one or more memory portions in one or more storage device(s) is redirected to one or more cache modules. One or more network devices (e.g., switches) of the SAN can be configured to redirect data transfer for a particular memory portion of one or more storage device(s) to a particular cache module. As needed, data transfer traffic for any number of memory portions and storage devices can be identified for or removed from being redirected to a particular cache module. Also, any number of cache modules can be utilized for receiving redirected traffic so that such redirected traffic is divided among such cache modules in any suitable proportion for enhanced flexibility.