Abstract: A packet classifier for packet classification in computer networking is provided. The packet classifier includes a packet parser, an extended key crafting logic, a match and action table, and a rule parser configured to parse predetermined rules and to identify at least one commutable matching tuple. When the rule parser identifies the at least one commutable matching tuple in the predetermined rules, the rule parser actuates the extended key crafting logic and programs the match and action table based on the identified commutable matching tuple.

Abstract: Various systems and methods for implementing efficient TCAM resource sharing are described herein. Entries are allocated across a plurality of ternary content addressable memories (TCAMs), with the plurality of TCAMs including a primary TCAM and a secondary TCAM, where the entries are allocated by sequentially accessing a plurality of groups of value-mask-result (VMR) entries, with each group having at least one VMR entry associated with the group, and iteratively analyzing the VMR entries associated with each group to determine a result set of VMR entries, with the result set being a subset of VMR entries from the plurality of groups of VMR entries, and the result set to be stored in the primary TCAM.

Abstract: An example method for providing a self-stretching policer in a Quality of Service (QoS) community including a root node and one or more agent nodes can include maintaining and enforcing a policer policy in the root node. The policer policy can include at least one packet classification rule and corresponding police action, and the policer policy can be enforced by taking the corresponding police action if a traffic flow violates the packet classification rule. The method can include collecting policer statistics and determining if the traffic flow violates the packet classification rule by greater than a predetermined threshold using the policer statistics. If the traffic flow violates the packet classification rule by greater than the predetermined threshold, the method can include transmitting the policer policy to one or more of the agent nodes.

Abstract: An example method for providing a self-stretching policer in a Quality of Service (QoS) community including a root node and one or more agent nodes can include maintaining and enforcing a policer policy in the root node. The policer policy can include at least one packet classification rule and corresponding police action, and the policer policy can be enforced by taking the corresponding police action if a traffic flow violates the packet classification rule. The method can include collecting policer statistics and determining if the traffic flow violates the packet classification rule by greater than a predetermined threshold using the policer statistics. If the traffic flow violates the packet classification rule by greater than the predetermined threshold, the method can include transmitting the policer policy to one or more of the agent nodes.

Abstract: An example method for a distributed NetFlow exporter with a single IP endpoint in a network environment is provided and includes configuring a network protocol stack of an exporter with switched virtual interface (SVI) state information of an SVI associated with a switch in a network, retrieving flow data from a NetFlow cache, and communicating the flow data to a collector according to the configured network protocol stack. Although the communication bypasses the SVI, the collector perceives the flow records as being communicated by the SVI. The SVI state information includes a public Internet Protocol (IP) address and a Media Access Control (MAC) address of the SVI, where the exporter executes on an adaptor of a server in the network. The method also includes configuring a destination IP address and a destination MAC address on the exporter according to a NetFlow policy.

Abstract: A an example method includes building a dictionary between an exporter and a collector by encoding a first data record of a flow according to a dictionary template and exporting the first data record to the collector via a network communication. The method can also include compressing a second data record of the flow using the dictionary, where the compressing comprises encoding the second data record according to an encoding template; and exporting the second data record to the collector to be decompressed using the dictionary.

Abstract: An example method for providing a self-stretching policer in a Quality of Service (QoS) community including a root node and one or more agent nodes can include maintaining and enforcing a policer policy in the root node. The policer policy can include at least one packet classification rule and corresponding police action, and the policer policy can be enforced by taking the corresponding police action if a traffic flow violates the packet classification rule. The method can include collecting policer statistics and determining if the traffic flow violates the packet classification rule by greater than a predetermined threshold using the policer statistics. If the traffic flow violates the packet classification rule by greater than the predetermined threshold, the method can include transmitting the policer policy to one or more of the agent nodes.

Abstract: An example method for a distributed NetFlow exporter with a single IP endpoint in a network environment is provided and includes configuring a network protocol stack of an exporter with switched virtual interface (SVI) state information of an SVI associated with a switch in a network, retrieving flow data from a NetFlow cache, and communicating the flow data to a collector according to the configured network protocol stack. Although the communication bypasses the SVI, the collector perceives the flow records as being communicated by the SVI. The SVI state information includes a public Internet Protocol (IP) address and a Media Access Control (MAC) address of the SVI, where the exporter executes on an adaptor of a server in the network. The method also includes configuring a destination IP address and a destination MAC address on the exporter according to a NetFlow policy.

Abstract: Various systems and methods for implementing efficient TCAM resource sharing are described herein. Entries are allocated across a plurality of ternary content addressable memories (TCAMs), with the plurality of TCAMs including a primary TCAM and a secondary TCAM, where the entries are allocated by sequentially accessing a plurality of groups of value-mask-result (VMR) entries, with each group having at least one VMR entry associated with the group, and iteratively analyzing the VMR entries associated with each group to determine a result set of VMR entries, with the result set being a subset of VMR entries from the plurality of groups of VMR entries, and the result set to be stored in the primary TCAM.

Abstract: A an example method includes building a dictionary between an exporter and a collector by encoding a first data record of a flow according to a dictionary template and exporting the first data record to the collector via a network communication. The method can also include compressing a second data record of the flow using the dictionary, where the compressing comprises encoding the second data record according to an encoding template; and exporting the second data record to the collector to be decompressed using the dictionary.

Abstract: In one embodiment, a method comprises calculating a corresponding data packet arrival rate for each of a plurality of data sources supplying data packets destined for a prescribed destination, the prescribed destination within a machine and the prescribed destination having a bandwidth capacity; calculating a guaranteed shared bandwidth rate for each data source based on assigning a corresponding selected portion of the bandwidth capacity relative to the corresponding data packet arrival rate; selectively passing each data packet from the corresponding data source as a passed data packet, or dropping the corresponding data packet, according to a calculated probability that the corresponding data packet arrival rate does not exceed the corresponding guaranteed shared bandwidth rate; and selectively filtering the supply of aggregated passed data packets, aggregated only from among the passed data packets supplied by the data sources, to the prescribed destination according to the bandwidth capacity of the presc

Abstract: In one embodiment, a method comprises calculating a corresponding data packet arrival rate for each of a plurality of data sources supplying data packets destined for a prescribed destination, the prescribed destination within a machine and the prescribed destination having a bandwidth capacity; calculating a guaranteed shared bandwidth rate for each data source based on assigning a corresponding selected portion of the bandwidth capacity relative to the corresponding data packet arrival rate; selectively passing each data packet from the corresponding data source as a passed data packet, or dropping the corresponding data packet, according to a calculated probability that the corresponding data packet arrival rate does not exceed the corresponding guaranteed shared bandwidth rate; and selectively filtering the supply of aggregated passed data packets, aggregated only from among the passed data packets supplied by the data sources, to the prescribed destination according to the bandwidth capacity of the presc