NETFLOW COLLECTION AND EXPORT OFFLOAD USING NETWORK SILICON

US 20160380865A1
Filed: 06/26/2015
Published: 12/29/2016
Est. Priority Date: 06/26/2015
Status: Active Grant

First Claim

Patent Images

1. A method for collecting Netflow data via functionality implemented in a hardware component of a network device, the method comprising:

programming the hardware component with a plurality of 7-tuple filters, each 7-tuple filter defining a set of 7 packet header field values defining a respective Netflow;

detecting, via the hardware component, whether a packet belongs to a given Netflow using the plurality of 7-tuple filters;

if a 7-tuple filter match is detected, adding data associated with the packet to Netflow data for the Netflow corresponding to the 7-tuple filter match;

collecting, via the hardware component, Netflow data for a plurality of Netflows; and

forwarding the Netflow data that is collected to one of a Netflow export agent and a Netflow collector.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for collection of Netflow data and export offload using network silicon. In accordance with aspects of the embodiments, the Netflow export and collection functions are offloaded to the network silicon in the chipset, System on a Chip (SoC), backplane switch, disaggregated switch, virtual switch (vSwitch) accelerator, and Network Interface Card/Controller (NIC) level. For apparatus implementing virtualized environments, one or both of the collection and export functions are implemented at the Physical Function (PF) and/or Virtual Function (VF) layers of the apparatus.

Citations

25 Claims

1. A method for collecting Netflow data via functionality implemented in a hardware component of a network device, the method comprising:
- programming the hardware component with a plurality of 7-tuple filters, each 7-tuple filter defining a set of 7 packet header field values defining a respective Netflow;
  
  detecting, via the hardware component, whether a packet belongs to a given Netflow using the plurality of 7-tuple filters;
  
  if a 7-tuple filter match is detected, adding data associated with the packet to Netflow data for the Netflow corresponding to the 7-tuple filter match;
  
  collecting, via the hardware component, Netflow data for a plurality of Netflows; and
  
  forwarding the Netflow data that is collected to one of a Netflow export agent and a Netflow collector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the network device is a Network Interface Controller (NIC).
  - 3. The method of claim 1, wherein the network device comprises a switch.
  - 4. The method of claim 3, wherein the switch comprises a disaggregated switch
  - 5. The method of claim 3, wherein the switch comprises a backplane switch.
  - 6. The method of claim 1, wherein the network device comprises an accelerated virtual switch.
  - 7. The method of claim 1, wherein the Netflow data is collected at a Physical Function (PF) layer.
  - 8. The method of claim 1, wherein the Netflow data is collected at a Virtual Function layer.
  - 9. The method of claim 1, wherein the network device is implemented in an apparatus hosting multiple virtual machines (VMs), and the Netflow data that is collected includes Netflow data relating to VM-to-VM traffic that is forwarded between VMs operating within the apparatus.
  - 10. The method of claim 1, wherein the network device employs a Single Root Virtual I/O (SR-IOV) architecture, and the Netflow data is collected in an Ethernet function block.

11. An apparatus, comprising:
- a network device, including a plurality of ports, the network device including embedded logic for performing operations relating to the collection of Netflow data for packets passing through at least one of the plurality of ports when the apparatus is operating, the operations including,detecting whether a packet belongs to a given Netflow using a plurality of 7-tuple filters;
  
  if a 7-tuple filter match is detected, adding data associated with the packet to Netflow data for the Netflow corresponding to the 7-tuple filter match;
  
  collecting Netflow data for a plurality of Netflows; and
  
  forwarding the Netflow data that is collected to one of a Netflow export agent and a Netflow collector.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The apparatus of claim 11, wherein the apparatus further comprises embedded logic for implementing a Netflow export agent, and the operations further comprise:
    - forwarding the Netflow data that is collected to the Netflow export agent; and
      
      forwarding Netflow data from the Netflow export agent to a Netflow collector that is external to the apparatus.
  - 13. The apparatus of claim 11, wherein the network device comprises a Network Interface Controller (NIC).
  - 14. The apparatus of claim 13, wherein the NIC includes a plurality of ports, and wherein one of the plurality of ports is dedicated to forwarding Netflow data to a Netflow collector.
  - 15. The apparatus of claim 11, wherein the apparatus comprises one of a server chassis including at least one server and a sled including a plurality of servers, and wherein the network device comprises a backplane switch.
  - 16. The apparatus of claim 11, wherein the apparatus comprises one of a server chassis including at least one server and a sled including a plurality of servers, and wherein the network device comprises a disaggregated switch.
  - 17. The apparatus of claim 11, wherein the network device is implemented in an apparatus hosting multiple virtual machines (VMs), and the Netflow data that is collected include data relating to VM-to-VM traffic that is forwarded between VMs operating within the apparatus.
  - 18. The apparatus of claim 11, wherein the apparatus employs a Single Root Virtual I/O (SR-IOV) architecture, and the Netflow data is collected in an Ethernet function block.
  - 19. The apparatus of claim 11, wherein the Netflow data is collected at a network port queue port of the network device.
  - 20. The apparatus of claim 11, wherein the apparatus is configured to support a virtualized execution environment, and Netflow data is collected at a Physical Function (PF) layer of the virtualized execution environment.
  - 21. The apparatus of claim 11, wherein the apparatus is configured to support a virtualized execution environment, and Netflow data is collected at a Virtual Function layer (VF) layer of the virtualized execution environment.

22. An apparatus comprising:
- At least one processor, having a plurality of cores;
  
  memory, operatively coupled to the plurality of cores;
  
  a storage device, in which software instructions are stored; and
  
  a physical network switch communicatively coupled to the processor,wherein the software instructions are configured to be executed on one or more of the plurality of cores to perform operations including,implementing a hypervisor configured to host a plurality of virtual machines (VMs)implementing a virtual switch having a plurality of virtual ports communicatively coupled to the plurality of VMs, which is configured to enable network traffic to be forwarded between the VMs without leaving the apparatus;
  
  configuring at least one virtual port in the virtual switch with a plurality of 7-tuple filters, each 7-tuple filter defining a set of 7 packet header field values defining a respective Netflow;
  
  detecting whether a packet received at or sent out from the at least one virtual port belongs to a given Netflow using the plurality of 7-tuple filters;
  
  if a 7-tuple filter match is detected, adding data associated with the packet to Netflow data for the Netflow corresponding to the 7-tuple filter match; and
  
  collecting Netflow data for a plurality of Netflows traversing the virtual switch.
- View Dependent Claims (23, 24, 25)
- - 23. The apparatus of claim 22, wherein a Netflow collection agent is implemented in the virtual switch that is configured to forward Netflow data to a Netflow export agent implemented in the physical network switch.
  - 24. The apparatus of claim 23, wherein the Netflow export agent is further configured to transfer Netflow data that is collected via an output port on the physical switch to a Netflow collector.
  - 25. The apparatus of claim 22, wherein the physical network switch is further configured to collect Netflow data for network traffic received at or sent out from at least one port on the physical network switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Dubal, Scott P., Hearn, James R., Connor, Patrick

Granted Patent

US 10,063,446 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/046   comprising network manageme...

H04L 41/40   using virtualisation of net...

H04L 43/026   using flow identification

H04L 43/12   Network monitoring probes

H04L 43/14   using software, i.e. softwa...

H04L 43/20   the monitoring system or th...

NETFLOW COLLECTION AND EXPORT OFFLOAD USING NETWORK SILICON

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

NETFLOW COLLECTION AND EXPORT OFFLOAD USING NETWORK SILICON

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links