System and method for managing traffic to a probe
First Claim
1. A system for routing a packet over a network, comprising:
- (a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and
(b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including;
(i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged;
(ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet;
(iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and
(iv) forwarding the transformed packet based in part on a MAC address of the destination in the transformed packet;
wherein the response packet comprises at least one of a reset command to request termination of a connection between the at least one server and a client associated with the received packet, or an indication of a detected threat.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.
-
Citations
18 Claims
-
1. A system for routing a packet over a network, comprising:
-
(a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and (b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including; (i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged; (ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet; (iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and (iv) forwarding the transformed packet based in part on a MAC address of the destination in the transformed packet; wherein the response packet comprises at least one of a reset command to request termination of a connection between the at least one server and a client associated with the received packet, or an indication of a detected threat. - View Dependent Claims (2, 3, 15, 16)
-
-
4. A method for routing a packet over a network, comprising:
-
(a) receiving a replicate of the packet from a replication component by a distribution component in a network device; (b) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged; (c) receiving a response packet to the replicate packet from at least one of the plurality of probes; (d) transforming a source MAC address in the response packet with a MAC address of the distribution component; and (e) forwarding the transformed packet based in part on a MAC address of a destination in the transformed packet; wherein the response packet comprises at least one of a reset command to request termination of a connection between at least one server and a client associated with the received packet, or an indication of a detected threat. - View Dependent Claims (5, 6, 7, 17, 18)
-
-
8. A system for routing a packet over a network, comprising:
-
(a) a replication component in a network device that generates a replicate packet for each received packet, wherein the replication component forwards each received packet towards at least one server that is associated with a destination of the received packet; and (b) a distribution component in a network device that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including; (i) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged; (ii) receiving a response packet from at least one probe in the plurality of probes in response to the replicate packet; (iii) transforming a source MAC address in the response packet to a MAC address of the distribution component; and (iv) forwarding the transformed packet based in part on a destination MAC address in the transformed packet; wherein a destination MAC address of the response packet is the same as a destination address of the replicate packet. - View Dependent Claims (9, 10)
-
-
11. A method for routing a packet over a network, comprising:
-
(a) receiving a replicate of the packet from a replication component by a distribution component in a network device; (b) forwarding the replicate packet to at least one probe in a plurality of probes based at least on an application associated with the replicate packet, wherein a source MAC address in the replicate packet is unchanged; (c) receiving a response packet to the replicate packet from at least one of the plurality of probes; (d) transforming a source MAC address in the response packet with a MAC address of the distribution component; and (e) forwarding the transformed packet based in part on a destination MAC address in the transformed packet; wherein a destination MAC address of the response packet is the same as a destination address of the replicate packet. - View Dependent Claims (12, 13, 14)
-
Specification