Network monitoring using traffic mirroring and encapsulated tunnel in virtualized information processing system

US 10,205,648 B1
Filed: 05/30/2014
Issued: 02/12/2019
Est. Priority Date: 05/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

obtaining, at a monitoring controller, a request to provide a monitoring function for at least one subject virtual processing element in a virtualized information processing system;

one of selecting and provisioning, by the monitoring controller, at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element; and

requesting, by the monitoring controller, the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis;

wherein requesting the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element comprises the monitoring controller querying a controller of the virtualized information processing system to locate a corresponding virtual switch and one or more logical ports for the subject virtual processing element, and further comprises the monitoring controller requesting the controller of the virtualized information processing system to set up traffic mirroring on the one or more logical ports and requesting the controller of the virtualized information processing system to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic;

wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host; and

wherein one or more of the steps are performed under control of at least one processing device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A request is obtained at a monitoring controller to provide a monitoring function for at least one subject virtual processing element (e.g., VM) in a virtualized information processing system. The monitoring controller selects and/or provisions at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element. The monitoring controller requests the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element, using traffic mirroring and an encapsulated tunnel, to the traffic capture appliance for analysis.

84 Citations

View as Search Results

20 Claims

1. A method, comprising:
- obtaining, at a monitoring controller, a request to provide a monitoring function for at least one subject virtual processing element in a virtualized information processing system;
  
  one of selecting and provisioning, by the monitoring controller, at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element; and
  
  requesting, by the monitoring controller, the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis;
  
  wherein requesting the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element comprises the monitoring controller querying a controller of the virtualized information processing system to locate a corresponding virtual switch and one or more logical ports for the subject virtual processing element, and further comprises the monitoring controller requesting the controller of the virtualized information processing system to set up traffic mirroring on the one or more logical ports and requesting the controller of the virtualized information processing system to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic;
  
  wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host; and
  
  wherein one or more of the steps are performed under control of at least one processing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the analysis performed on the forwarded traffic captured by the traffic capture appliance comprises a security analysis.
  - 3. An article of manufacture comprising a non-transitory processor-readable storage medium having encoded therein executable code of one or more software programs, wherein the one or more software programs when executed by the at least one processing device implement the steps of the method of claim 1.
  - 4. The method of claim 1, wherein the traffic capture appliance parses the copy of the traffic and stores the parsed traffic for additional use based on a configuration of the traffic capture appliance.
  - 5. The method of claim 4, wherein the traffic capture appliance is configured with a capture filter to capture traffic corresponding to at least one of a given protocol and a given maximum traffic rate.
  - 6. The method of claim 1, wherein the monitoring controller configures the traffic capture appliance to perform traffic capturing via a traffic capture interface associated with the traffic capture appliance.
  - 7. The method of claim 1, wherein the corresponding virtual switch continues to forward traffic associated with the subject virtual processing element to a storage system.

8. A method, comprising:
- obtaining, at a monitoring controller, a request to provide a monitoring function for at least one subject virtual processing element in a virtualized information processing system;
  
  one of selecting and provisioning, by the monitoring controller, at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element; and
  
  requesting, by the monitoring controller, the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis;
  
  wherein requesting the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element comprises the monitoring controller querying a controller of the virtualized information processing system to locate a corresponding virtual switch and one or more logical ports for the subject virtual processing element, and further comprises the monitoring controller requesting the controller of the virtualized information processing system to set up traffic mirroring on the one or more logical ports and requesting the controller of the virtualized information processing system to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic;
  
  wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host;
  
  wherein one or more of the steps are performed under control of at least one processing device; and
  
  wherein at least one of;
  
  the virtual processing element comprises a virtual machine;
  
  the traffic capture appliance is implemented by a virtual machine; and
  
  the virtualized information processing system comprises a software defined network (SDN) enabled data center.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the traffic capture appliance parses the copy of the traffic and stores the parsed traffic for additional use based on a configuration of the traffic capture appliance.
  - 10. The method of claim 9, wherein the traffic capture appliance is configured with a capture filter to capture traffic corresponding to at least one of a given protocol and a given maximum traffic rate.
  - 11. The method of claim 8, wherein the analysis performed on the forwarded traffic captured by the traffic capture appliance comprises a security analysis.
  - 12. The method of claim 8, wherein the monitoring controller configures the traffic capture appliance to perform traffic capturing via a traffic capture interface associated with the traffic capture appliance.
  - 13. The method of claim 8, wherein the corresponding virtual switch continues to forward traffic associated with the subject virtual processing element to a storage system.

14. An apparatus, comprising:
- a memory; and
  
  at least one of a processor operatively coupled to the memory to form a monitoring controller configured to;
  
  obtain a request to provide a monitoring function for at least one subject virtual processing element in a virtualized information processing system;
  
  one of select and provision at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element; and
  
  request the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis;
  
  wherein the request of the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis comprises the monitoring controller being configured to query a controller of the virtualized information processing system to locate a corresponding virtual switch and one or more logical ports for the subject virtual processing element, and further comprises the monitoring controller requesting the system controller of the virtualized information processing system to set up traffic mirroring on the one or more logical ports and request the controller of the virtualized information processing system to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic; and
  
  wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host.
- View Dependent Claims (15)
- - 15. The apparatus of claim 14, wherein the at least one processor instantiates at least one virtual machine which is configured to perform the obtaining, selecting, provisioning, and requesting operations.

16. An apparatus, comprising:
- a memory; and
  
  at least one processor operatively coupled to the memory to form a monitoring controller configured to;
  
  obtain a request to provide a monitoring function for at least one subject virtual processing element in a virtualized information processing system;
  
  one of select and provision at least one traffic capture appliance configured to capture traffic associated with the subject virtual processing element; and
  
  request the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis, wherein the request of the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance for analysis comprises the monitoring controller being configured to query a controller of the virtualized information processing system to locate a corresponding virtual switch and one or more logical ports for the subject virtual processing element, and further comprises the monitoring controller requesting the controller of the virtualized information processing system to set up traffic mirroring on the one or more logical ports and request the controller of the virtualized information processing system to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic;
  
  wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host;
  
  wherein at least one of;
  
  the subject virtual processing element comprises a virtual machine;
  
  the traffic capture appliance is implemented by a virtual machine; and
  
  the virtualized information processing system comprises a software defined network (SDN) enabled data center.
- View Dependent Claims (17, 18)
- - 17. The apparatus of claim 16, wherein the traffic capture appliance parses the copy of the traffic and stores the parsed traffic for additional use based on a configuration of the traffic capture appliance.
  - 18. The apparatus of claim 17, wherein the traffic capture appliance is configured with a capture filter to capture traffic corresponding to at least one of a given protocol and a given maximum traffic rate.

19. A system, comprising:
- one or more virtual machines;
  
  a monitoring controller configured to;
  
  obtain a request to provide a monitoring function for a subject one of the one or more the virtual machines;
  
  one of select and provision at least one traffic capture appliance configured to capture traffic associated with the subject virtual machine;
  
  a system controller configured to receive a request from the monitoring controller to set up traffic mirroring and an encapsulation tunnel at one or more logical ports of a virtual switch that corresponds to the subject virtual machine so as to forward a copy of traffic associated with the subject virtual machine to the traffic capture appliance, wherein the request of the virtualized information processing system to forward a copy of traffic associated with the subject virtual processing element to the traffic capture appliance comprises the monitoring controller being configured to query a controller of the subject virtual machine to locate a corresponding virtual switch and one or more logical ports for the subject virtual machine, and further comprises the monitoring controller requesting the controller of the subject virtual machine to set up traffic mirroring on the one or more logical ports and request the controller of the subject virtual machine to configure an encapsulated tunnel from the corresponding virtual switch to the traffic capture appliance such that the traffic capture appliance captures and parses the copy of the traffic;
  
  an analyzer configured to receive the forwarded traffic from the traffic capture appliance and perform a security analysis on the forwarded traffic;
  
  wherein the traffic mirroring and encapsulated tunnel are maintained when the subject virtual processing element is migrated from one physical host to another physical host; and
  
  wherein the system is implemented in accordance with at least one processing device.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the corresponding virtual switch continues to forward traffic associated with the subject virtual processing element to a storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Guo, Feng, Yan, Kai, Black, David, Moriarty, Kathleen M., Wan, Lintao, Chen, Qiyan
Primary Examiner(s)
Barry, Lance Leonard

Application Number

US14/292,183
Time in Patent Office

1,719 Days
Field of Search

709224, 709223, 709225-226, 709228, 709232, 726 1, 370392
US Class Current
CPC Class Codes

H04L 43/12 Network monitoring probes

H04L 43/20 the monitoring system or th...

Network monitoring using traffic mirroring and encapsulated tunnel in virtualized information processing system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network monitoring using traffic mirroring and encapsulated tunnel in virtualized information processing system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links