Selective scanning of network packet traffic using cloud-based virtual machine tool platforms

US 10,050,847 B2
Filed: 09/30/2014
Issued: 08/14/2018
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method for processing network packets, comprising:

receiving one or more network packet streams at one or more input ports for a network tool optimizer (NTO) device;

using the NTO device to analyze contents of packets within the one or more network packet streams to identify one or more subsets of traffic of interest (TOI) packets;

forwarding the one or more subsets of TOI packets from the NTO device to a cloud server system having one or more cloud-based packet analysis tools;

receiving the one or more subsets of TOI packets with a management platform within the cloud server system;

sending the one or more subsets of TOI packets from the management platform to the one or more cloud-based packet analysis tools;

receiving the packet analysis results with the management platform from the one or more cloud-based packet analysis tools;

sending the packet analysis results from the management platform to the NTO device; and

receiving packet analysis results at the NTO device from the cloud server system, the packet analysis results being based upon packet processing conducted by the one or more cloud-based packet analysis tools.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network tool optimizer devices and related methods are disclosed that provide selective scanning of network packet traffic using cloud-based virtual machine tool platforms. Rather than require local network analysis tool resources, the disclosed embodiments identify subsets of packet traffic of interest, and these subsets are forwarded to a cloud-based server system where cloud-based virtual machine tool platforms are used to process the subsets of traffic of interest. Results from this processing are then provided back to adjust the operation of the network tool optimizers. Some further embodiments use local capture buffers and remote cloud replay buffers to stored subsets of traffic locally for later communication to cloud server systems where cloud-based tools analyze replays of the captured network traffic. Some further embodiments also use results from cloud-based tools to initiate local virtual machine tool platforms that are used to further analyze traffic of interest.

Citations

22 Claims

1. A method for processing network packets, comprising:
- receiving one or more network packet streams at one or more input ports for a network tool optimizer (NTO) device;
  
  using the NTO device to analyze contents of packets within the one or more network packet streams to identify one or more subsets of traffic of interest (TOI) packets;
  
  forwarding the one or more subsets of TOI packets from the NTO device to a cloud server system having one or more cloud-based packet analysis tools;
  
  receiving the one or more subsets of TOI packets with a management platform within the cloud server system;
  
  sending the one or more subsets of TOI packets from the management platform to the one or more cloud-based packet analysis tools;
  
  receiving the packet analysis results with the management platform from the one or more cloud-based packet analysis tools;
  
  sending the packet analysis results from the management platform to the NTO device; and
  
  receiving packet analysis results at the NTO device from the cloud server system, the packet analysis results being based upon packet processing conducted by the one or more cloud-based packet analysis tools.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising generating packet forwarding rules associated with the one or more subsets of TOI packets, applying the packet forwarding rules to one or more filter engines within the NTO device, and using the one or more filter engines to forward the one or more subsets of TOI packets to the cloud server system.
  - 3. The method of claim 2, wherein the one or more filter engines forward the one or more subsets of TOI packets to a cloud offload processor within the NTO device and the forwarding and receiving steps are performed using the cloud offload processor.
  - 4. The method of claim 1, wherein the management platform and the one or more cloud-based packet analysis tools comprise virtual machine platforms.
  - 5. The method of claim 1, further comprising analyzing contents of the one or more subsets of TOI packets with the management platform and selecting one or more cloud-based packet analysis tools to receive the one or more subsets of TOI packets based upon the contents.
  - 6. The method of claim 1, further comprising utilizing an application intelligence processor to identify one or more subsets of TOI packets relating to one or more applications associated with the one or more network packet streams.
  - 7. The method of claim 1, further comprising utilizing a threat intelligence processor to identify one or more subsets of TOI packets relating to one or more network threats associated with the one or more network packet streams.
  - 8. The method of claim 1, further comprising storing the one or more subsets of TOI packets within a capture buffer within the NTO device before forwarding the one or more subsets of TOI packets to the cloud server system.
  - 9. The method of claim 8, further comprising storing the one or more subsets of TOI packets within a replay buffer within the cloud server system and forwarding the one or more subsets of TOI packets from the replay buffer to the one or more cloud-based packet analysis tools.
  - 10. The method of claim 1, adjusting operation of the NTO device using the packet analysis results received from the cloud server system.
  - 11. The method of claim 10, further comprising operating one or more virtual machine tool analysis platforms within the NTO device based upon the packet analysis results.
  - 12. The method of claim 1, wherein the one or more network packet streams are received at a speed of 10 Gigabits per second or faster, and wherein the forwarding and receiving steps are performed at a speed of 50 Megabits per second or less.

13. A network tool optimizer (NTO) device, comprising:
- one or more input ports configured to receive one or more network packet streams;
  
  a packet processor configured to receive the one or more network packet streams from the one or more input ports, to identify one or more subsets of traffic of interest (TOI) packets based upon contents of network packets within the one or more network packets streams, and to output the one or more subsets of TOI packets; and
  
  a cloud offload processor configured to receive the one or more subsets of TOI packets, to forward the one or more subsets of TOI packets to a cloud server system including one or more cloud-based packet analysis tools, and to receive packet analysis results from the cloud server system, the packet analysis results being based upon packet processing conducted by the one or more cloud-based packet analysis tools;
  
  wherein the offload processor is further configured to communicate the one or more subsets of TOI packets to a management platform within the cloud server system which is configured to send the one or more subsets of TOI packets from the management platform to the one or more cloud-based packet analysis tools and to receive the packet analysis results from the one or more cloud-based packet analysis tools, and the offload processor is further configured to receive the packet analysis results from the management platform.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The NTO device of claim 13, further comprising a filter processor coupled to the packet processor, the filter processor being configured to generate packet forwarding rules associated with the one or more subsets of TOI packets and to apply the packet forwarding rules to one or more filter engines within the NTO device, the one or more filter engines being configured to use the packet forwarding rules to forward the one or more subsets of TOI packets to the cloud offload processor.
  - 15. The NTO device of claim 13, wherein the packet processor comprises at least one of an application intelligence processor configured to identify one or more subsets of TOI packets relating to one or more applications associated with the one or more network packet streams or a threat intelligence processor configured to identify one or more subsets of TOI packets relating to one or more network threats associated with the one or more network packet streams.
  - 16. The NTO device of claim 13, further comprising a capture buffer configured to store the one or more subsets of TOI packets.
  - 17. The NTO device of claim 13, wherein the packet processor is configured to adjust operation of the NTO device based upon the packet analysis results received from the cloud server system.
  - 18. The NTO device of claim 17, wherein the packet processor is further configured to form one or more virtual machine tool analysis platforms within the NTO device based upon the packet analysis results.
  - 19. The NTO device of claim 13, wherein the one or more input ports are configured to receive the one or more network packet streams at a speed of 10 Gigabits per second or faster, and wherein the cloud offload processor is configured to communicate with the cloud server systems at a speed of 50 Megabits per second or less.

20. A packet processing system, comprising:
- a network tool optimizer (NTO) device, comprising;
  
  one or more input ports configured to receive one or more network packet streams;
  
  a packet processor configured to receive the one or more network packet streams from the one or more input ports, to identify one or more subsets of traffic of interest (TOI) packets based upon contents of network packets within the one or more network packets streams, and to output the one or more subsets of TOI packets; and
  
  a cloud offload processor configured to receive the one or more subsets of TOI packets, to forward the one or more subsets of TOI packets to a cloud server system including one or more cloud-based packet analysis tools, and to receive packet analysis results from the cloud server system, the packet analysis results being based upon packet processing conducted by the one or more cloud-based packet analysis tools; and
  
  a management platform within the cloud server system, the management platform being configured to receive the one or more subsets of TOI packets from the cloud offload processor, to communicate the one or more subsets of TOI packets to the one or more cloud-based packet analysis tools, to receive the packet analysis results from the one or more cloud-based packet analysis tools, and to communicate the result information to the cloud offload processor.
- View Dependent Claims (21, 22)
- - 21. The packet processing system of claim 20, wherein the management platform and the one or more cloud-based packet analysis tools comprise virtual machine platforms.
  - 22. The packet processing system of claim 20, wherein the management platform is further configured to select one or more cloud-based packet analysis tools based upon contents of the one or more subsets of TOI packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keysight Technologies Singapore Sales Pte Ltd (Keysight Technologies, Inc.)
Original Assignee
Keysight Technologies Singapore (Holdings) Pte. Limited. (Keysight Technologies, Inc.)
Inventors
Raney, Kristopher
Primary Examiner(s)
Nawaz, Asad
Assistant Examiner(s)
Cairns, Thomas R

Application Number

US14/501,717
Publication Number

US 20160094418A1
Time in Patent Office

1,414 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 43/062   related to network traffic

H04L 43/12   Network monitoring probes

H04L 43/18   Protocol analysers

H04L 43/20   the monitoring system or th...

H04L 43/50   Testing arrangements

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

Selective scanning of network packet traffic using cloud-based virtual machine tool platforms

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Selective scanning of network packet traffic using cloud-based virtual machine tool platforms

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links