System and method for managing traffic to a probe

US 7,710,867 B1
Filed: 05/23/2003
Issued: 05/04/2010
Est. Priority Date: 05/23/2003
Status: Active Grant

First Claim

Patent Images

1. A system for routing a packet over a network, comprising:

(a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and

(b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including;

(i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;

(ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet;

(iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and

(iv) forwarding the transformed packet based in part on a MAC address of the destination in the transformed packet;

wherein the response packet comprises at least one of a reset command to request termination of a connection between the at least one server and a client associated with the received packet, or an indication of a detected threat.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.

Citations

18 Claims

1. A system for routing a packet over a network, comprising:
- (a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and
  
  (b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including;
  
  (i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;
  
  (ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet;
  
  (iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and
  
  (iv) forwarding the transformed packet based in part on a MAC address of the destination in the transformed packet;
  
  wherein the response packet comprises at least one of a reset command to request termination of a connection between the at least one server and a client associated with the received packet, or an indication of a detected threat.
- View Dependent Claims (2, 3, 15, 16)
- - 2. The system of claim 1, wherein forwarding the replicate packet to at least one probe further comprises selecting at least one probe based in part on at least one of a round trip time (RTT), least connections, packet completion rate, quality of service, topology, global availability, hop metric, hash of an address in the replicate packet, static ratio, dynamic ratio, address in the replicate packet, content of the replicate packet, round robin the replicate packet'"'"'s association with an email packet, or the replicate packet'"'"'s association with a compressed file.
  - 3. The system of claim 1, wherein forwarding the replicate packet to at least one probe further comprises forwarding the replicate packet to each probe in the plurality of probes.
  - 15. The system of claim 1, wherein the response packet comprises the reset command to request termination of a connection between the at least one server and a client associated with the received packet.
  - 16. The system of claim 1, wherein the response packet comprises the indication of a detected threat.

4. A method for routing a packet over a network, comprising:
- (a) receiving a replicate of the packet from a replication component by a distribution component in a network device;
  
  (b) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;
  
  (c) receiving a response packet to the replicate packet from at least one of the plurality of probes;
  
  (d) transforming a source MAC address in the response packet with a MAC address of the distribution component; and
  
  (e) forwarding the transformed packet based in part on a MAC address of a destination in the transformed packet;
  
  wherein the response packet comprises at least one of a reset command to request termination of a connection between at least one server and a client associated with the received packet, or an indication of a detected threat.
- View Dependent Claims (5, 6, 7, 17, 18)
- - 5. The method of claim 4, wherein forwarding the replicate packet to at least one probe further comprises selecting the at least one probe based in part on at least one of a round trip time (RTT), least connections, packet completion rate, quality of service, topology, global availability, hop metric, hash of an address in the replicate packet, static ratio, dynamic ratio, address in the replicate packet, content of the replicate packet, or round robin.
  - 6. The method of claim 4, wherein at least one probe in the plurality of probes is arranged to perform a security analysis on the replicate packet.
  - 7. The method of claim 4, wherein forwarding the replicate packet to at least one probe further comprises forwarding the replicate packet to each of the plurality of probes.
  - 17. The method of claim 4, wherein the response packet comprises the reset command to request termination of a connection between the at least one server and a client associated with the received packet.
  - 18. The method of claim 4, wherein the response packet comprises the indication of a detected threat.

8. A system for routing a packet over a network, comprising:
- (a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and
  
  (b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including;
  
  (i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;
  
  (ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet;
  
  (iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and
  
  (iv) forwarding the transformed packet based in part on a destination MAC address in the transformed packet;
  
  wherein a destination MAC address of the response packet is the same as a destination address of the replicate packet.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein forwarding the replicate packet to at least one probe further comprises selecting at least one probe based in part on at least one of a round trip time (RTT), least connections, packet completion rate, quality of service, topology, global availability, hop metric, hash of an address in the replicate packet, static ratio, dynamic ratio, address in the replicate packet, content of the replicate packet, or round robin.
  - 10. The system of claim 8, wherein forwarding the replicate packet to at least one probe further comprises forwarding the replicate packet to each probe in the plurality of probes.

11. A method for routing a packet over a network, comprising:
- (a) receiving a replicate of the packet from a replication component by a distribution component in a network device;
  
  (b) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;
  
  (c) receiving a response packet to the replicate packet from at least one of the plurality of probes;
  
  (d) transforming a source MAC address in the response packet with a MAC address of the distribution component; and
  
  (e) forwarding the transformed packet based in part on a destination MAC address in the transformed packet;
  
  wherein a destination MAC address of the response packet is the same as a destination address of the replicate packet.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein forwarding the replicate packet to at least one probe further comprises selecting the at least one probe based in part on at least one of a round trip time (RTT), least connections, packet completion rate, quality of service, topology, global availability, hop metric, hash of an address in the replicate packet, static ratio, dynamic ratio, address in the replicate packet, content of the replicate packet, or round robin.
  - 13. The method of claim 11, wherein at least one probe in the plurality of probes is arranged to perform a security analysis on the replicate packet.
  - 14. The method of claim 11, wherein forwarding the replicate packet to at least one probe further comprises forwarding the replicate packet to each of the plurality of probes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Masters, Richard Roderick
Primary Examiner(s)
Shah; Chirag G
Assistant Examiner(s)
SMITH, JOSHUA Y

Application Number

US10/444,279
Time in Patent Office

2,538 Days
Field of Search

370229-258, 370216-228, 726 11- 15, 709/230
US Class Current

370/229
CPC Class Codes

H04L 43/12 Network monitoring probes

System and method for managing traffic to a probe

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing traffic to a probe

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links