Ruled-based network traffic interception and distribution scheme

US 10,728,176 B2
Filed: 08/31/2018
Issued: 07/28/2020
Est. Priority Date: 12/20/2013
Status: Active Grant

First Claim

Patent Images

1. A network device, comprising:

a plurality of virtual local area networks (VLANs), wherein each of the plurality of VLANs is associated with one or more ports;

one or more processors; and

a memory coupled to the one or more processors, wherein the memory includes instructions that, when executed by the one or more processors, cause at least one processor from the one or more processors to perform operations comprising;

determining a class for a packet received at the network device, wherein the class is determined using a first attribute of the packet;

selecting a VLAN from the plurality of VLANs based on the class, wherein the selected VLAN comprises multiple groups of two or more ports;

generating, based on a second attribute of the packet, a first identification value for the packet;

accessing a data structure that comprises a plurality of second identification values, wherein each of the plurality of second identification values is associated with a respective subset of ports of the selected VLAN and wherein the plurality of second identification values are generated using a hash function;

selecting, from the data structure, a subset of ports associated with the first identification value, wherein the selected subset of ports comprises a port from each of the multiple groups of two or more ports; and

sending a copy of the packet through each port from the selected subset of ports.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Using a hash function, an L2/L3 switch can produce an FID for a data packet. The L2/L3 switch can select, from among potentially several stored VLAN flooding tables, a particular VLAN flooding table that is associated with a particular VLAN on which the data packet is to be carried. The rows of the particular VLAN flooding table can specify different combinations of the particular VLAN'"'"'s egress ports. The L2/L3 switch can locate, in the particular VLAN flooding table, a particular row that specifies the FID. The L2/L3 switch can read, from the particular row, a specified subset of the egress ports that are associated with the particular VLAN. The L2/L3 switch can transmit copies of the data packet out each of the egress ports specified in the subset, toward analytic servers connected to those egress ports.

Citations

19 Claims

1. A network device, comprising:
- a plurality of virtual local area networks (VLANs), wherein each of the plurality of VLANs is associated with one or more ports;
  
  one or more processors; and
  
  a memory coupled to the one or more processors, wherein the memory includes instructions that, when executed by the one or more processors, cause at least one processor from the one or more processors to perform operations comprising;
  
  determining a class for a packet received at the network device, wherein the class is determined using a first attribute of the packet;
  
  selecting a VLAN from the plurality of VLANs based on the class, wherein the selected VLAN comprises multiple groups of two or more ports;
  
  generating, based on a second attribute of the packet, a first identification value for the packet;
  
  accessing a data structure that comprises a plurality of second identification values, wherein each of the plurality of second identification values is associated with a respective subset of ports of the selected VLAN and wherein the plurality of second identification values are generated using a hash function;
  
  selecting, from the data structure, a subset of ports associated with the first identification value, wherein the selected subset of ports comprises a port from each of the multiple groups of two or more ports; and
  
  sending a copy of the packet through each port from the selected subset of ports.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network device of claim 1, wherein the instructions, when executed by the one or more processors, cause the at least one processor from the one or more processors to perform operations further comprising:
    - creating the copy of the packet received at the network device; and
      
      transmitting the packet received at the network device to a destination associated with the packet.
  - 3. The network device of claim 1, wherein the instructions, when executed by the one or more processors, cause the at least one processor from the one or more processors to perform operations further comprising:
    - selecting the data structure from a plurality of data structures based on the selected VLAN.
  - 4. The network device of claim 1, wherein the selected subset of ports further comprises a port not associated with the multiple groups of two or more ports.
  - 5. The network device of claim 1, wherein a number of ports of the selected subset of ports is less than a number of ports associated with the selected VLAN.
  - 6. The network device of claim 1, wherein the selected subset of ports is coupled to one or more analytic servers and the sending the copy of the packet comprises sending the packet to the one or more analytic servers.
  - 7. The network device of claim 1, wherein determining the class for the packet comprises determining the class based on one or more classification rules associated with an ingress port of the network device at which the packet is received.
  - 8. The network device of claim 1, wherein the data structure comprises a table having a plurality of rows and wherein each one of the plurality of rows is associated with a corresponding one of the plurality of second identification values.
  - 9. The network device of claim 8, wherein a number of the plurality of rows is equal to a least common multiple of numbers of ports of the multiple groups of two or more ports.
  - 10. The network device of claim 8, wherein the table comprises a plurality of columns and wherein a number of the plurality of columns is equal to a sum of a number of the multiple groups of two or more ports, a number of ports not associated with any group of ports, and one.

11. A method, comprising:
- determining a class for a packet received at a network device that comprises a plurality of virtual local area networks (VLANs), wherein each of the plurality of VLANs is associated with one or more ports;
  
  selecting a VLAN from the plurality of VLANs based on the class, wherein the selected VLAN comprises multiple groups of two or more ports;
  
  generating a first identification value for the packet;
  
  accessing a data structure that comprises a plurality of second identification values, wherein each of the plurality of second identification values is associated with a respective subset of ports of the selected VLAN and wherein the plurality of second identification values are generated using a hash function;
  
  selecting, from the data structure, a subset of ports that is associated with the first identification value, wherein the selected subset of ports comprises a port from each of the multiple groups of two or more ports; and
  
  transmitting a copy of the packet through at least one port from the selected subset of ports.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising:
    - creating the copy of the packet received at the network device; and
      
      transmitting the packet received at the network device to a destination associated with the packet.
  - 13. The method of claim 11, further comprising:
    - selecting the data structure from a plurality of data structures based on the selected VLAN.
  - 14. The method of claim 11, wherein the selected subset of ports is coupled to one or more analytic servers and the transmitting the copy of the packet comprises transmitting the packet to the one or more analytic servers.
  - 15. The method of claim 11, wherein the selected subset of ports further comprises a port not associated with the multiple groups of two or more ports.
  - 16. The method of claim 11, wherein the class for the packet is further determined based on one or more classification rules associated to an ingress port of the network device at which the packet is received.

17. A non-transitory computer-readable device at a network device having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising:
- creating a copy of a packet received at the network device;
  
  transmitting the packet to a destination associated with the packet;
  
  determining a class for the copy of the packet, wherein the class is determined using a first attribute of the copy of the packet and wherein the network device comprises a plurality of virtual local area networks (VLANs), wherein each of the plurality of VLANs is associated with one or more ports;
  
  selecting a VLAN from the plurality of VLANs based on the class, wherein the selected VLAN comprises multiple groups of two or more ports;
  
  generating, based on a second attribute of the copy of the packet and a hash function, a first identification value for the copy of the packet;
  
  accessing a data structure that comprises a plurality of second identification values, wherein each of the plurality of second identification values is associated with a respective subset of ports of the selected VLAN and wherein the plurality of second identification values are generated using a hash function;
  
  selecting, from the data structure, a subset of ports associated with the first identification value, wherein the selected subset of ports comprises a port from each of the multiple groups of two or more ports; and
  
  transmitting the copy of the packet to one or more analytic servers through each port from the selected subset of ports.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer-readable device of claim 17, the operations further comprising:
    - selecting the data structure from a plurality of data structures based on the selected VLAN.
  - 19. The non-transitory computer-readable device of claim 17, wherein the selected subset of ports comprises a port not associated with the multiple groups of two or more ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
Chen, Xiaochu, Hsu, Ivy Pei-Shan, Chinthalapati, Eswara, Chhabria, Sanjeev
Primary Examiner(s)
Yuen, Kan

Application Number

US16/120,151
Publication Number

US 20190116133A1
Time in Patent Office

697 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/467   Arrangements for supporting...

H04L 47/125   by balancing the load, e.g....

H04L 49/3009   Header conversion, routing ...

H04L 49/354   for supporting virtual loca...

H04L 49/602   Multilayer or multiprotocol...

H04L 69/324   in the data link layer [OSI...

H04L 69/325   in the network layer [OSI l...

Ruled-based network traffic interception and distribution scheme

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Ruled-based network traffic interception and distribution scheme

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links