Virtual insertion into a network

US 10,044,643 B2
Filed: 05/24/2016
Issued: 08/07/2018
Est. Priority Date: 02/17/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

virtually inserting, by a system comprising a processor, a network appliance in a data path within a network, wherein virtually inserting the network appliance in the data path comprises dynamically defining a data tap that describes a logical point within the data path to intercept data;

defining, by the system, a first application path from the data tap to a first application running on the network appliance;

defining, by the system, a second application path from the data tap to a second application; and

binding, by the system, the first application path to the second application path, the binding causing chaining of the first and second applications together at the data tap.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network appliance is virtually inserted in a data path within a network. Packet data that matches a criteria is intercepted at a logical point within the data path. The intercepted packet data is forwarded to an application running on the virtually inserted network appliance.

21 Citations

21 Claims

1. A method, comprising:
- virtually inserting, by a system comprising a processor, a network appliance in a data path within a network, wherein virtually inserting the network appliance in the data path comprises dynamically defining a data tap that describes a logical point within the data path to intercept data;
  
  defining, by the system, a first application path from the data tap to a first application running on the network appliance;
  
  defining, by the system, a second application path from the data tap to a second application; and
  
  binding, by the system, the first application path to the second application path, the binding causing chaining of the first and second applications together at the data tap.
- View Dependent Claims (2, 3, 14, 15, 16, 19, 20)
- - 2. The method of claim 1, further comprising:
    - binding the first application path to the data tap; and
3. The method of claim 1, wherein intercepting the data packet comprises:
- performing highest precedence interception on the data packet when multiple data taps are defined in the network.
14. The method of claim 1, wherein defining the second application path comprises defining the second application path from the data tap to the second application on the network appliance.
15. The method of claim 1, wherein defining the second application path comprises defining the second application path from the data tap to the second application on another network appliance.
16. The method of claim 1, further comprising:
- intercepting, by the system, a data packet matching a criterion at the logical point within the data path in the network; and
  
  forwarding, by the system, the intercepted data packet to the first application running on the virtually inserted network appliance.
19. The method of claim 16, further comprising:
- injecting, by the virtually inserted network appliance, the intercepted packet data packet into the data path.
20. The method of claim 16, wherein the criterion for intercepting the data packet includes a criterion relating to whether the data packet is traveling to or from an agent of a switch.

4. A network device, comprising:
- a processor; and
  
  a non-transitory storage medium storing instructions executable on the processor to;
  
  virtually insert a network appliance in a data path within a network by dynamically defining a data tap that describes a logical point within the data path to intercept data;
  
  define a first application path from the data tap to a first application running on the network appliance;
  
  define a second application path from the data tap to a second application; and
  
  bind the first application path to the second application path, the binding causing chaining of the first and second applications together at the data tap.
- View Dependent Claims (5, 6, 7, 8, 17, 21)
- - 5. The network device of claim 4, wherein the instructions are executable on the processor to:
    - use a data tap descriptor to define the data tap that describes the logical point within the data path to intercept data; and
      
      use application path descriptors to define the first and second application paths.
  - 6. The network device of claim 5, wherein the instructions are executable on the processor to dynamically update the data tap descriptor to define the data tap at another logical point in the network.
  - 7. The network device of claim 5, wherein the instructions are executable on the processor to:
    - define an ingress data tap to intercept a pre-routed form of a data packet and an egress data tap to intercept a post-routed form of a data packet.
  - 8. The network device of claim 4, wherein the instructions are executable on the processor to:
    - prevent a previously intercepted data packet from being re-intercepted by the data tap.
  - 17. The network device of claim 4, wherein the instructions are executable on the processor to:
    - intercept a data packet matching a criterion at the logical point within the data path in the network; and
      
      forward the intercepted data packet to the first application running on the virtually inserted network appliance.
  - 21. The network device of claim 17, wherein the instructions are executable on the processor to:
    - prevent an intercepted data packet or a portion of the intercepted data packet from being copied to a location other than the network appliance.

9. A non-transitory computer-readable storage medium containing instructions that, when executed, cause a computer to:
- virtually insert a network appliance in a data path within a network, wherein virtually inserting the network appliance in the data path comprises dynamically defining a data tap that describes a logical point within the data path to intercept data;
  
  define a first application path from the data tap to a first application running on the network appliance;
  
  define a second application path from the data tap to a second application; and
  
  bind the first application path to the second application path, the binding causing chaining of the first and second applications together at the data tap.
- View Dependent Claims (10, 11, 12, 13, 18)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the instructions when executed cause the computer to:
    - concurrently route intercepted data packets from multiple different physical ports to the virtually inserted network appliance.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein the instructions when executed cause the computer to:
    - modify a data packet received from the virtually inserted network appliance to a pre-interception format.
  - 12. The non-transitory computer-readable storage medium of claim 9, wherein the instructions when executed cause the computer to:
    - use a data tap descriptor to dynamically define the data tap.
  - 13. The non-transitory computer-readable storage medium of claim 12, wherein the instructions when executed cause the computer to:
    - modify the data tap descriptor to define the data tap at a different logical point in the network to intercept data;
      
      automatically modify an application path descriptor to define a new application path between the virtually inserted network appliance and the modified data tap.
  - 18. The non-transitory computer-readable storage medium of claim 9, wherein the instructions when executed cause the computer to:
    - intercept a data packet matching a criterion at the logical point within the data path in the network; and
      
      forward the intercepted data packet to the first application running on the virtually inserted network appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Faulk, Jr., Robert L.
Primary Examiner(s)
Mew, Kevin

Application Number

US15/163,106
Publication Number

US 20160269323A1
Time in Patent Office

805 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/2854   Wide area networks, e.g. pu...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 2101/668   Internet protocol [IP] addr...

H04L 49/55   Prevention, detection or co...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 69/22   Parsing or analysis of headers

H04L 9/40   Network security protocols

Virtual insertion into a network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual insertion into a network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links