Logical network traffic analysis

US 10,469,342 B2
Filed: 12/31/2014
Issued: 11/05/2019
Est. Priority Date: 10/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method of gathering data to perform traffic analysis between data compute nodes (DCNs) executing on host computers in a datacenter and associated with a logical network connecting the DCNs, the method comprising:

defining a unique identifier for a logical network probe;

associating the logical network probe with at least one logical observation point in the logical network, the logical network implemented over a physical network of the datacenter comprising a plurality of managed forwarding elements, the logical observation point corresponding to a plurality of different physical observation points on at least two host computers associated with a set of at least two managed forwarding elements executing on the at least two host computers along with at least two DCNs;

generating data for a sample-action flow entry in a logical processing pipeline associated with the logical observation point; and

distributing the sample-action flow entry data to the set of at least two managed forwarding elements in the physical network that are for processing data packets associated with the logical observation point, each managed forwarding element in the set for using a sample-action flow entry to identify packets for sampling.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of the invention provide a method for gathering data for logical network traffic analysis by sampling flows of packets forwarded through a logical network. Some embodiments are implemented by a set of network virtualization controllers that, on a shared physical infrastructure, can implement two or more sets of logical forwarding elements that define two or more logical networks. In some embodiments, the method (1) defines an identifier for a logical network probe, (2) associates this identifier with one or more logical observation points in the logical network, and (3) distributes logical probe configuration data, including sample-action flow entry data, to one or more managed forwarding elements that implement the logical processing pipeline at the logical observation points associated with the logical network probe identifier. In some embodiments, the sample-action flow entry data specify the packet flows that the forwarding elements should sample and the percentage of packets within these flows that the forwarding elements should sample.

264 Citations

22 Claims

1. A method of gathering data to perform traffic analysis between data compute nodes (DCNs) executing on host computers in a datacenter and associated with a logical network connecting the DCNs, the method comprising:
- defining a unique identifier for a logical network probe;
  
  associating the logical network probe with at least one logical observation point in the logical network, the logical network implemented over a physical network of the datacenter comprising a plurality of managed forwarding elements, the logical observation point corresponding to a plurality of different physical observation points on at least two host computers associated with a set of at least two managed forwarding elements executing on the at least two host computers along with at least two DCNs;
  
  generating data for a sample-action flow entry in a logical processing pipeline associated with the logical observation point; and
  
  distributing the sample-action flow entry data to the set of at least two managed forwarding elements in the physical network that are for processing data packets associated with the logical observation point, each managed forwarding element in the set for using a sample-action flow entry to identify packets for sampling.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein once a managed forwarding element determines that a packet matches a sample-action flow entry and should be sampled, the managed forwarding element samples the packet and sends the sampled data to a location for forwarding data regarding the sampled packets to a set of data collectors for analyzing the forwarded data.
  - 3. The method of claim 2, wherein the location is a daemon of the managed forwarding element.
  - 4. The method of claim 3, wherein the daemon aggregates the sample data from a plurality of matched packets and analyzes the aggregated data before forwarding analysis data to the set of data collectors.
  - 5. The method of claim 2, wherein the sampled data includes the unique logical probe identifier so that the data collector set can analyze the forwarded data for the logical probe.
  - 6. The method of claim 1, wherein each sample-action flow entry includes the unique logical network probe identifier and a set of matching criteria that identifies the packets that match the flow entry.
  - 7. The method of claim 6, wherein each sample-action flow entry further includes a sampling percentage that directs the managed forwarding element that processes the flow entry to only sample the percentage of the packets that satisfy the matching criteria.
  - 8. The method of claim 1, wherein once a managed forwarding element determines that a packet matches a sample-action flow entry and should be sampled, the managed forwarding element samples the packet and sends the sampled data to a set of data collectors for analyzing the sampled packet data for the logical network.
  - 9. The method of claim 8, wherein the sampled data includes the unique logical probe identifier so that the data collector set can analyze the sample data as being part of the logical probe.
  - 10. The method of claim 1, wherein the sample-action flow entry data includes a set of sample-action flow entries.
  - 11. The method of claim 1, wherein the sample-action flow entry data includes data for use by the set of at least two managed forwarding elements to produce sample-action flow entries.
  - 12. The method of claim 1, wherein the logical observation point comprises a packet modification point in the logical processing pipeline for modifying the packets processed.

13. A non-transitory machine readable medium storing a program for configuring managed forwarding elements to gather data regarding packets sent between data compute nodes (DCNs) executing on host computers in a datacenter and processed through a logical network connecting the DCNs, the program comprising sets of instructions for:
- defining a logical network probe, with a unique identifier, and associating the logical network probe with at least one logical observation point in the logical network, the logical network implemented over a physical network of the datacenter comprising a plurality of managed forwarding elements, the logical observation point corresponding to a plurality of different physical observation points on at least two host computers associated with a set of at least two managed forwarding elements executing on the at least two host computers along with at least two DCNs;
  
  generating data for programming a set of managed forwarding elements that implement a set of logical network entities that are associated with the logical observation point; and
  
  distributing the programming data to the set of at least two managed forwarding elements in the physical network, each managed forwarding element in the set for using the programming data to sample packets associated with the logical observation point.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The machine readable medium of claim 13, wherein from the programming data, each managed forwarding element stores at least one sample-action flow entry for identifying packets for sampling.
  - 15. The machine readable medium of claim 14, wherein each sample-action flow entry includes the unique logical network probe identifier and a set of matching criteria that identifies the packets that match the flow entry.
  - 16. The machine readable medium of claim 15, wherein each sample-action flow entry further includes a sampling percentage that directs the managed forwarding element that processes the flow entry to only sample the percentage of the packets that satisfy the matching criteria.
  - 17. The machine readable medium of claim 14, wherein once a managed forwarding element determines that a packet matches a sample-action flow entry and should be sampled, the managed forwarding element samples the packet and sends the sampled data to a location for aggregating and analyzing the sampled data and producing analysis data for a set of data collectors for aggregating and analyzing the analysis data, and the sampled data includes the unique logical probe identifier so that the data collector set can receive the unique logical probe identifier with the analysis data and thereby analyze the analysis data as being part of the logical probe.
  - 18. The machine readable medium of claim 17, wherein the location is a daemon of the managed forwarding element, wherein the daemon gathers and analyzes the sample data from a plurality of matched packets before forwarding analysis data to the set of data collectors.
  - 19. The machine readable medium of claim 14, wherein once a managed forwarding element determines that a packet matches a sample-action flow entry and should be sampled, the managed forwarding element samples the packet and sends the sampled data to a set of data collectors for analyzing the sampled packet data for the logical network, the sampled data includes the unique logical probe identifier so that the data collector set can analyze the sample data as being part of the logical probe.
  - 20. The machine readable medium of claim 13, wherein the logical observation point comprises a packet modification point for modifying the packets processed.
  - 21. The machine readable medium of claim 13, wherein the logical observation point comprises an address translation point for changing addresses that are contained in the packets.
  - 22. The machine readable medium of claim 13, wherein the logical observation point comprises a firewall point for examining packets to determine whether the packets should be filtered.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Lenglet, Romain F., Ramanathan, Rajiv, Xiao, Jun
Primary Examiner(s)
Nguyen, Minh Chau

Application Number

US14/587,559
Publication Number

US 20160105333A1
Time in Patent Office

1,770 Days
Field of Search

709223-225
US Class Current
CPC Class Codes

H04L 41/342   between virtual entities, e...

H04L 43/024   by adaptive sampling

H04L 43/12   Network monitoring probes

H04L 43/20   the monitoring system or th...

Logical network traffic analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

264 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Logical network traffic analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

264 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others