Network flow stitching using middle box flow stitching
First Claim
1. A method comprising:
- collecting flow records of traffic flow segments at a middlebox in a network environment corresponding to one or more traffic flows passing through the middlebox, the flow records including one or more transaction identifiers assigned to the traffic flow segments;
identifying flow directions of the traffic flow segments in the network environment with respect to the middlebox using the flow records;
maintaining a hash table including entries for each of the traffic flow segments at the middlebox, wherein each entry includes a transaction identifier of the one or more transaction identifiers assigned to the traffic flow segment;
grouping together the entries in the hash table of traffic flow segments having shared transaction identifiers of the one or more transaction identifiers;
stitching together the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox in the network environment based on the entries of the traffic flow segments grouped together according to the shared transaction identifiers and the flow directions of the traffic flow segments in the network environment with respect to the middlebox; and
incorporating the stitched traffic flow as part of network traffic data for the network environment.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, a method can include collecting flow records of traffic flow segments at a middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. The traffic flow segments can correspond to one or more traffic flows passing through the middlebox and flow directions of the traffic flow segments with respect to the middlebox can be identified using the flow records. The traffic flow segments can be stitched together based on the one or more transaction identifiers and the flow directions of the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox. The stitched traffic flow can be incorporated as part of network traffic data for the network environment.
-
Citations
20 Claims
-
1. A method comprising:
-
collecting flow records of traffic flow segments at a middlebox in a network environment corresponding to one or more traffic flows passing through the middlebox, the flow records including one or more transaction identifiers assigned to the traffic flow segments; identifying flow directions of the traffic flow segments in the network environment with respect to the middlebox using the flow records; maintaining a hash table including entries for each of the traffic flow segments at the middlebox, wherein each entry includes a transaction identifier of the one or more transaction identifiers assigned to the traffic flow segment; grouping together the entries in the hash table of traffic flow segments having shared transaction identifiers of the one or more transaction identifiers; stitching together the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox in the network environment based on the entries of the traffic flow segments grouped together according to the shared transaction identifiers and the flow directions of the traffic flow segments in the network environment with respect to the middlebox; and incorporating the stitched traffic flow as part of network traffic data for the network environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
one or more processors; and
at least one non-transitory computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;collecting flow records of traffic flow segments at a middlebox in a network environment corresponding to one or more traffic flows passing between a client and a server directly through the middlebox, the flow records including one or more transaction identifiers assigned to the traffic flow segments; identifying flow directions of the traffic flow segments in the network environment with respect to the middlebox using the flow records; maintaining a hash table including entries for each of the traffic flow segments at the middlebox, wherein each entry includes a transaction identifier of the one or more transaction identifiers assigned to the traffic flow segment; grouping together the entries in the hash table of traffic flow segments having shared transaction identifiers of the one or more transaction identifiers; stitching together the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox in the network environment based on the entries of the traffic flow segments grouped together according to the shared transaction identifiers and the flow directions of the traffic flow segments in the network environment with respect to the middlebox; and incorporating the stitched traffic flow as part of network traffic data for the network environment. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations comprising:
-
collecting flow records of traffic flow segments at a middlebox in a network environment corresponding to one or more traffic flows passing through the middlebox, the flow records including one or more transaction identifiers assigned to the traffic flow segments; identifying flow directions of the traffic flow segments in the network environment with respect to the middlebox using the flow records; maintaining a hash table including entries for each of the traffic flow segments at the middlebox, wherein each entry includes a transaction identifier of the one or more transaction identifiers assigned to the traffic flow segment; grouping together the entries in the hash table of traffic flow segments having shared transaction identifiers of the one or more transaction identifiers; stitching together the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox in the network environment based on the entries of the traffic flow segments grouped together according to the shared transaction identifiers and the flow directions of the traffic flow segments in the network environment with respect to the middlebox; and incorporating the stitched traffic flows as part of an application dependency mapping included as part of network traffic data for the network environment.
-
Specification