Systems and methods for scalable network monitoring in virtual data centers
First Claim
1. A computer-implemented method for scalable network monitoring in virtual data centers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center;
- intercepting, at a receiving virtual machine host system within the plurality of virtual machine host systems, a traffic flow within a virtual network that is hosted within the virtual data center from a sending virtual machine host system within the plurality of virtual machine host systems, wherein the receiving virtual machine host system executes a first network monitoring agent within the plurality of network monitoring agents that inspects traffic flows received at the receiving virtual machine host system;
- determining a processor load on each of the plurality of virtual machine host systems;
- selecting, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow; and
- limiting the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow between the sending virtual machine host system and the receiving virtual machine host system on behalf of the receiving virtual machine host system instead of the first network monitoring agent, wherein each network monitoring agent within the plurality of network monitoring agents inspects traffic flows by:
  - providing, within a virtualized switching device that routes network traffic from a source port within the virtual network to a destination port within the virtual network, a set of software-defined-network rules containing packet inspection criteria;
  - intercepting, at the source port, a packet destined for the destination port;
  - determining that at least one characteristic of the packet satisfies at least one of the rules; and
  - in response to determining that the characteristic of the packet satisfies at least one of the rules, forwarding a copy of the packet to a virtual tap port that analyzes the copy of the packet.
Abstract
A computer-implemented method for scalable network monitoring in virtual data centers may include (1) identifying a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center, (2) intercepting, at a receiving virtual machine host system, a traffic flow within a virtual network within the virtual data center, (3) determining a processor load on each of the plurality of virtual machine host systems, (4) selecting, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow, and (5) limiting the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow. Various other methods, systems, and computer-readable media are also disclosed.
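The five steps of the abstract, together with the per-agent inspection steps of claim 1 (software-defined-network rules in a virtualized switch that mirror matching packets to a virtual tap port), as a small Python simulation. This is an added example, not code from the patent or from its assignee: the 0.80 load threshold, the host, agent and port names, the rule fields (`proto`, `l4_dst`) and the choice of the least-loaded alternate host are all assumptions; the claims specify only that the alternate host runs a second agent, not how it is chosen.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Assumed value: the claims only say "an established threshold".
LOAD_THRESHOLD = 0.80


@dataclass
class Host:
    """A virtual machine host system running one network monitoring agent."""
    name: str
    cpu_load: float  # processor load as a fraction of capacity, 0.0 .. 1.0
    agent: str       # network monitoring agent executing on this host


@dataclass(frozen=True)
class Packet:
    """Packet as seen by the virtualized switch (field names are assumptions)."""
    src_port: str                 # source port within the virtual network
    dst_port: str                 # destination port within the virtual network
    proto: str
    l4_dst: Optional[int] = None  # transport-layer destination port, if any


@dataclass(frozen=True)
class Rule:
    """One software-defined-network rule holding packet inspection criteria.
    A field left as None is a wildcard."""
    proto: Optional[str] = None
    l4_dst: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.l4_dst is None or self.l4_dst == pkt.l4_dst))


class VirtualSwitch:
    """Virtualized switching device: routes a packet from its source port to
    its destination port and, when any rule matches, forwards a copy to the
    virtual tap port of whichever agent has been designated for the flow."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.taps: Dict[str, List[Packet]] = {}  # tap port -> copies received

    def forward(self, pkt: Packet, tap_port: str) -> str:
        # Intercepted at the source port; the original is never diverted.
        if any(rule.matches(pkt) for rule in self.rules):
            self.taps.setdefault(tap_port, []).append(replace(pkt))
        return pkt.dst_port


def select_inspecting_agent(receiver: str, hosts: Dict[str, Host],
                            threshold: float = LOAD_THRESHOLD) -> str:
    """Steps (3)-(5): keep inspection on the receiving host unless its
    processor load exceeds the threshold; then designate the agent on an
    alternate host. Picking the least-loaded alternate is an assumption."""
    rx = hosts[receiver]
    if rx.cpu_load <= threshold:
        return rx.agent
    alternates = [h for h in hosts.values() if h.name != receiver]
    if not alternates:
        return rx.agent  # no alternate host exists; inspect locally anyway
    return min(alternates, key=lambda h: h.cpu_load).agent


def monitor_flow(packets: List[Packet], receiver: str, hosts: Dict[str, Host],
                 switch: VirtualSwitch) -> Tuple[str, int, List[str]]:
    """Designate the inspecting agent for a flow arriving at `receiver`, route
    the flow, and report (agent, copies mirrored to its tap, delivery ports)."""
    agent = select_inspecting_agent(receiver, hosts)
    tap_port = f"tap-{agent}"  # assumed naming: one tap port per agent
    delivered = [switch.forward(pkt, tap_port) for pkt in packets]
    return agent, len(switch.taps.get(tap_port, [])), delivered


def run_demo() -> Dict[str, object]:
    # Constructed topology: the receiving host (host-a) is over the threshold.
    hosts = {
        "host-a": Host("host-a", cpu_load=0.93, agent="agent-a"),
        "host-b": Host("host-b", cpu_load=0.35, agent="agent-b"),
        "host-c": Host("host-c", cpu_load=0.60, agent="agent-c"),
    }
    # Constructed inspection criteria: mirror SMB and all ICMP.
    switch = VirtualSwitch([Rule(proto="tcp", l4_dst=445), Rule(proto="icmp")])
    # Constructed flow from host-c to host-a: one SMB, one HTTPS, one ICMP packet.
    flow = [
        Packet("vport-c1", "vport-a1", "tcp", 445),
        Packet("vport-c1", "vport-a1", "tcp", 443),
        Packet("vport-c1", "vport-a1", "icmp"),
    ]
    agent, tapped, delivered = monitor_flow(flow, "host-a", hosts, switch)
    return {"agent": agent, "tapped": tapped, "delivered": delivered}


if __name__ == "__main__":
    print(run_demo())  # agent-b takes over; 2 of 3 packets are copied to its tap
```

Two properties of the claim are visible in the output: every packet still reaches its destination port (mirroring never diverts the original), and the inspection work for the flow lands on the alternate host's agent only because the receiving host's load exceeded the threshold; with `host-b` as receiver the local agent is kept.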
19 Claims
1. A computer-implemented method for scalable network monitoring in virtual data centers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center;
- intercepting, at a receiving virtual machine host system within the plurality of virtual machine host systems, a traffic flow within a virtual network that is hosted within the virtual data center from a sending virtual machine host system within the plurality of virtual machine host systems, wherein the receiving virtual machine host system executes a first network monitoring agent within the plurality of network monitoring agents that inspects traffic flows received at the receiving virtual machine host system;
- determining a processor load on each of the plurality of virtual machine host systems;
- selecting, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow; and
- limiting the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow between the sending virtual machine host system and the receiving virtual machine host system on behalf of the receiving virtual machine host system instead of the first network monitoring agent, wherein each network monitoring agent within the plurality of network monitoring agents inspects traffic flows by:
  - providing, within a virtualized switching device that routes network traffic from a source port within the virtual network to a destination port within the virtual network, a set of software-defined-network rules containing packet inspection criteria;
  - intercepting, at the source port, a packet destined for the destination port;
  - determining that at least one characteristic of the packet satisfies at least one of the rules; and
  - in response to determining that the characteristic of the packet satisfies at least one of the rules, forwarding a copy of the packet to a virtual tap port that analyzes the copy of the packet.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A system for scalable network monitoring in virtual data centers, the system comprising:
- an identification module, stored in memory, that identifies a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center;
- an interception module, stored in memory, that intercepts, at a receiving virtual machine host system within the plurality of virtual machine host systems, a traffic flow within a virtual network that is hosted within the virtual data center from a sending virtual machine host system within the plurality of virtual machine host systems, wherein the receiving virtual machine host system executes a first network monitoring agent within the plurality of network monitoring agents that inspects traffic flows received at the receiving virtual machine host system;
- a determination module, stored in memory, that determines a processor load on each of the plurality of virtual machine host systems;
- a selection module, stored in memory, that selects, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow;
- a limitation module, stored in memory, that limits the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow between the sending virtual machine host system and the receiving virtual machine host system on behalf of the receiving virtual machine host system instead of the first network monitoring agent; and
- at least one physical processor configured to execute the identification module, the interception module, the determination module, the selection module, and the limitation module, wherein each network monitoring agent within the plurality of network monitoring agents inspects traffic flows by:
  - providing, within a virtualized switching device that routes network traffic from a source port within the virtual network to a destination port within the virtual network, a set of software-defined-network rules containing packet inspection criteria;
  - intercepting, at the source port, a packet destined for the destination port;
  - determining that at least one characteristic of the packet satisfies at least one of the rules; and
  - in response to determining that the characteristic of the packet satisfies at least one of the rules, forwarding a copy of the packet to a virtual tap port that analyzes the copy of the packet.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.

19. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center;
- intercept, at a receiving virtual machine host system within the plurality of virtual machine host systems, a traffic flow within a virtual network that is hosted within the virtual data center from a sending virtual machine host system within the plurality of virtual machine host systems, wherein the receiving virtual machine host system executes a first network monitoring agent within the plurality of network monitoring agents that inspects traffic flows received at the receiving virtual machine host system;
- determine a processor load on each of the plurality of virtual machine host systems;
- select, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow; and
- limit the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow between the sending virtual machine host system and the receiving virtual machine host system on behalf of the receiving virtual machine host system instead of the first network monitoring agent, wherein each network monitoring agent within the plurality of network monitoring agents inspects traffic flows by:
  - providing, within a virtualized switching device that routes network traffic from a source port within the virtual network to a destination port within the virtual network, a set of software-defined-network rules containing packet inspection criteria;
  - intercepting, at the source port, a packet destined for the destination port;
  - determining that at least one characteristic of the packet satisfies at least one of the rules; and
  - in response to determining that the characteristic of the packet satisfies at least one of the rules, forwarding a copy of the packet to a virtual tap port that analyzes the copy of the packet.
Specification