Abstract: A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes.

Abstract: A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes.

Abstract: A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes.

Abstract: A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes.

Abstract: Embodiments are disclosed for a network switch appliance with a traffic broker that facilitates routing of network traffic between pairs of end nodes on a computer network through a configurable sequence of in-line tools.

Abstract: Embodiments are disclosed for a network switch appliance with a traffic broker that facilitates routing of network traffic between pairs of end nodes on a computer network through a configurable sequence of in-line tools.

Abstract: Introduced here is a technique for using a network switch device, which may include commodity switching fabric, to route packets through an inline tool, without introducing any additional information to the packets. The introduced technique modifies standard capability of packet forwarding and learning port-to-MAC address associations to route data packets through the inline tool. The technique may include applying two override settings to the network device. A first override setting involves a forwarding rule that is based on the arrival port and the content of the packet. A second override setting involves disabling the MAC address learning mechanism for the packet received from the inline tool via the second tool port of the network device.

Abstract: A packet broker deployed in a visibility fabric may intelligently assign identifiers to data packets that are routed through sequences of one or more network tools for monitoring and/or security purposes. Guiding techniques based on these identifiers offer flexible support for multiple network tool operational modes. For example, the packet broker may be able to readily address changes in the state of a network tool connected to the packet broker by modifying certain egress translation schemes and/or ingress translation schemes. The “state” of a network tool can be “up” (i.e., ready for service) or “down” (i.e., out of service) based on, for example, the network tool's ability to pass through health-probing data packets dispatched by the packet broker.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a first switch coupled to the first bypass component, and a first controller; and a second inline-bypass switch appliance having a second bypass component, a second switch coupled to the second bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide a state signal that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the state signal.

Abstract: A packet broker deployed in a visibility fabric may intelligently assign identifiers to data packets that are routed through sequences of one or more network tools for monitoring and/or security purposes. Guiding techniques based on these identifiers offer flexible support for multiple network tool operational modes. For example, the packet broker may be able to readily address changes in the state of a network tool connected to the packet broker by modifying certain egress translation schemes and/or ingress translation schemes. The “state” of a network tool can be “up” (i.e., ready for service) or “down” (i.e., out of service) based on, for example, the network tool's ability to pass through health-probing data packets dispatched by the packet broker.

Abstract: A packet broker deployed in a visibility fabric may intelligently assign identifiers to data packets that are routed through sequences of one or more network tools for monitoring and/or security purposes. Guiding techniques based on these identifiers offer flexible support for multiple network tool operational modes. For example, the packet broker may be able to readily address changes in the state of a network tool connected to the packet broker by modifying certain egress translation schemes and/or ingress translation schemes. The “state” of a network tool can be “up” (i.e., ready for service) or “down” (i.e., out of service) based on, for example, the network tool's ability to pass through health-probing data packets dispatched by the packet broker.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a first switch coupled to the first bypass component, and a first controller; and a second inline-bypass switch appliance having a second bypass component, a second switch coupled to the second bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide a state signal that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the state signal.

Abstract: A packet broker deployed in a visibility fabric may intelligently assign identifiers to data packets that are routed through sequences of one or more network tools for monitoring and/or security purposes. However, in some instances, it may be desirable for data packets the one or more network tools in a load-balanced manner rather than a cascaded manner. Accordingly, the packet broker may initially form a trunk group (i.e., a predefined group of ports that are treated as one port) based on input provided by an administrator. A group of network tools that share a load (i.e., a traffic flow) through trunking facilitated by the packet broker are referred to as a “trunk group” of network tools.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a first switch coupled to the first bypass component, and a first controller; and a second inline-bypass switch appliance having a second bypass component, a second switch coupled to the second bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide a state signal that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the state signal.

Abstract: A packet broker deployed in a visibility fabric may intelligently assign identifiers to data packets that are routed through sequences of one or more network tools for monitoring and/or security purposes. More specifically, the packet broker may apply packet-matching criteria to incoming data packets to determine a predetermined sequence of network tools through which the data packets are to be guided. For example, the packet broker may guide a data packet through a predetermined sequence of network tools by translating an internal identifier added to the data packet to an external identifier before transmission to each of the network tools, and translating the external identifier to a different internal identifier each time the data packet is received from each of the network tools.

Abstract: Embodiments are disclosed for monitoring the performance of an in-line tool without adding data to network traffic routed through the in-line tool. In some embodiments, performance of the in-line tool is based on a measured latency introduced by the processing of packets through the in-line tool. In some embodiments, network traffic is adaptively routed based on the measured latency at the in-line tool.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a second bypass component, a first switch coupled to the first bypass component and the second bypass component, and a first controller; and a second inline-bypass switch appliance having a third bypass component, a fourth bypass component, a second switch coupled to the third bypass component and the fourth bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide one or more state signals that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the one or more state signals.

Abstract: Introduced here is a technique for using a network switch device, which may include commodity switching fabric, to route packets through an inline tool, without introducing any additional information to the packets. The introduced technique modifies standard capability of packet forwarding and learning port-to-MAC address associations to route data packets through the inline tool. The technique may include applying two override settings to the network device. A first override setting involves a forwarding rule that is based on the arrival port and the content of the packet. A second override setting involves disabling the MAC address learning mechanism for the packet received from the inline tool via the second tool port of the network device.

Abstract: Introduced here is a technique for using a network switch device, which may include commodity switching fabric, to route packets through an inline tool, without introducing any additional information to the packets. The introduced technique modifies standard capability of packet forwarding and learning port-to-MAC address associations to route data packets through the inline tool. The technique may include applying two override settings to the network device. A first override setting involves a forwarding rule that is based on the arrival port and the content of the packet. A second override setting involves disabling the MAC address learning mechanism for the packet received from the inline tool via the second tool port of the network device.

Abstract: An inline-bypass switch system includes: a first inline-bypass switch appliance having a first bypass component, a second bypass component, a first switch coupled to the first bypass component and the second bypass component, and a first controller; and a second inline-bypass switch appliance having a third bypass component, a fourth bypass component, a second switch coupled to the third bypass component and the fourth bypass component, and a second controller; wherein the first controller in the first inline-bypass switch appliance is configured to provide one or more state signals that is associated with a state of the first inline-bypass switch appliance; and wherein the second controller in the second inline-bypass switch appliance is configured to control the second bypass component based at least in part on the one or more state signals.