Mirroring of a random subset of network traffic
First Claim
1. A method of mirroring network traffic, the method comprising:
- receiving a data packet by a network device;
categorizing the data packet into one of a plurality of monitoring classes, wherein each of the plurality of monitoring classes identifies a different type of data packet, wherein at least one of the plurality of monitoring classes is to be mirrored and at least another one of the plurality of monitoring classes is not to be mirrored, and wherein at least one of the plurality of monitoring classes has a different probability of being randomly selected for mirroring than at least another one of the plurality of monitoring classes;
in response to a determination that the data packet is categorized into a monitoring class to be mirrored, applying an algorithm including randomization to determine whether the data packet is selected to be mirrored, wherein the probability that the data packet is selected to be mirrored is based upon the monitoring class into which the data packet is categorized;
sending the data packet to a destination port; and
if the data packet is selected to be mirrored, then also sending the data packet to a mirror port.
2 Assignments
0 Petitions
Accused Products
Abstract
One embodiment disclosed relates to a method of mirroring network traffic. A data packet is received by a network device, and an algorithm including randomization is applied to determine whether the data packet is selected to be mirrored. The packet is sent to a destination port, and if the data packet is selected to be mirrored, then the packet is also sent to a mirror port. Another embodiment of the invention relates to a networking device. The networking device includes at least a plurality of ports, a switching/routing engine, and a mirroring engine. The plurality of ports receive and transmit packets therefrom, and the switching/routing engine is coupled to the ports for transferring the packets therebetween. The mirroring engine is configured to apply an algorithm including randomization to select data packets for mirroring. Other embodiments are also disclosed.
23 Citations
15 Claims
-
1. A method of mirroring network traffic, the method comprising:
-
receiving a data packet by a network device; categorizing the data packet into one of a plurality of monitoring classes, wherein each of the plurality of monitoring classes identifies a different type of data packet, wherein at least one of the plurality of monitoring classes is to be mirrored and at least another one of the plurality of monitoring classes is not to be mirrored, and wherein at least one of the plurality of monitoring classes has a different probability of being randomly selected for mirroring than at least another one of the plurality of monitoring classes; in response to a determination that the data packet is categorized into a monitoring class to be mirrored, applying an algorithm including randomization to determine whether the data packet is selected to be mirrored, wherein the probability that the data packet is selected to be mirrored is based upon the monitoring class into which the data packet is categorized; sending the data packet to a destination port; and if the data packet is selected to be mirrored, then also sending the data packet to a mirror port. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A networking device comprising:
- a plurality of ports for receiving and transmitting packets therefrom;
a switching/routing engine coupled to the ports for transferring the packets there between; and
a mirroring engine to categorize the packets into one of a plurality of monitoring classes, wherein each of the plurality of monitoring classes identifies a different type of packet, wherein at least one of the plurality of monitoring classes is to be mirrored and at least another one of the plurality of monitoring classes is not to be mirrored, wherein at least one of the plurality of monitoring classes has a different probability of being randomly selected for mirroring than at least another one of the plurality of monitoring classes, and to apply an algorithm including randomization to randomly select a subset of the packets categorized into a monitoring class to be mirrored for mirroring, wherein the probability that the data packet is selected to be mirrored is based upon the monitoring class into which the data packet is categorized, wherein some of the packets do not belong to the subset. - View Dependent Claims (8, 9, 10)
- a plurality of ports for receiving and transmitting packets therefrom;
-
11. An apparatus for mirroring of network traffic, the method comprising:
-
a plurality of ports configured to receive and send data packets; means for categorizing the data packets into one of a plurality of monitoring classes, wherein each of the plurality of monitoring classes identifies a different type of data packet, wherein at least one of the plurality of monitoring classes is to be mirrored and at least another one of the plurality of monitoring classes is not to be mirrored, and wherein at least one of the plurality of monitoring classes has a different probability of being randomly selected for mirroring than at least another one of the plurality of monitoring classes; means for applying an algorithm including randomization to determine whether a data packet that has been categorized into a monitoring class to be mirrored is selected to be mirrored, wherein the probability that the data packet is selected to be mirrored is based upon the monitoring class into which the data packet is categorized; and means for sending the data packet to a destination port and for sending the data packet to a monitoring port if the data packet is selected to be mirrored.
-
-
12. A networking device comprising:
- a plurality of ports including a receiving port configured to receive a plurality of packets, one or more destination ports, and a mirror port; and
circuitry to forward the packets of the plurality to the destination ports, to categorize the packets into one of a plurality of monitoring classes, wherein each of the plurality of monitoring classes identifies a different type of packet, wherein at least one of the plurality of monitoring classes is to be mirrored and at least another one of the plurality of monitoring classes is not to be mirrored, wherein at least one of the plurality of monitoring classes has a different probability of being randomly selected for mirroring than at least another one of the plurality of monitoring classes, and to apply an algorithm including randomization to randomly select a subset of packets from the plurality of packets categorized into a monitoring class to be mirrored for mirroring, wherein the probability that the data packet is selected to be mirrored is based upon the monitoring class into which the data packet is categorized, and to forward the selected subset of packets to the mirror port, wherein some of the packets of the plurality do not belong to the subset. - View Dependent Claims (13, 14, 15)
- a plurality of ports including a receiving port configured to receive a plurality of packets, one or more destination ports, and a mirror port; and
Specification