System and method for managing traffic to a probe

US 8,615,010 B1
Filed: 02/18/2009
Issued: 12/24/2013
Est. Priority Date: 05/23/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus for routing a packet over a network, comprising:

a replication component that generates a replicate packet for each received packet; and

a non-transitory distribution component in communication with the replication component, wherein the distribution component is arranged to perform actions, including;

if a first mode is selected, forwarding the replicate packet to each of a plurality of probes while forwarding the received packet to at least one server, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;

if a second mode is selected;

selecting which one of the plurality of probes to forward the replicate packet based at least on an application associated with the replicate packet and further based on a load-balancing mechanism; and

forwarding the replicate packet to the selected one of the plurality of probes while forwarding the received packet to at least one server; and

if a response packet received from at least one probe in the plurality of probes includes a reset command to the at least one server, terminating a connection between the at least one server and a client associated with the received packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is directed to routing a packet over a network to a probe. The system includes a replicator and a distributor. The replicator receives a packet from a client and replicates the packet. The distributor is either out-of-band or in-band to a flow of traffic between the client and a server. In the out-of-band configuration, the distributor forwards the replicate packet to at least one probe in a plurality of probes. The distributor receives a response to the replicate packet and transforms a source MAC address in the response to a MAC address of the distributor. The distributor forwards the transformed packet. The replicator forwards the original packet. In the in-band configuration, the distributor selects and forwards the original packet to a server using a first forwarding mechanism, and selects and forwards the replicate packet to a probe using a second forwarding mechanism.

Citations

31 Claims

1. An apparatus for routing a packet over a network, comprising:
- a replication component that generates a replicate packet for each received packet; and
  
  a non-transitory distribution component in communication with the replication component, wherein the distribution component is arranged to perform actions, including;
  
  if a first mode is selected, forwarding the replicate packet to each of a plurality of probes while forwarding the received packet to at least one server, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  if a second mode is selected;
  
  selecting which one of the plurality of probes to forward the replicate packet based at least on an application associated with the replicate packet and further based on a load-balancing mechanism; and
  
  forwarding the replicate packet to the selected one of the plurality of probes while forwarding the received packet to at least one server; and
  
  if a response packet received from at least one probe in the plurality of probes includes a reset command to the at least one server, terminating a connection between the at least one server and a client associated with the received packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the load-balancing mechanism further comprises at least one of a round trip time (RTT), least connections, packet completion rate, quality of service, topology, global availability, hop metric, hash of an address in the replicate packet, static ratio, dynamic ratio, address in the replicate packet, content of the replicate packet, and round robin.
  - 3. The apparatus of claim 1, wherein at least one security probe in the two or more security probes is arranged to perform a security analysis that comprises scanning the replicate packet for at least one of a virus, an unauthorized email, an unauthorized network access, an intrusion, or a denial of service attack.
  - 4. The apparatus of claim 1, wherein forwarding the replicate packet to each of the plurality of probes further comprises configuring at least one of the probes to receive the replicate packet in a promiscuous mode.
  - 5. The apparatus of claim 1, wherein the distribution component is arranged to perform actions, further comprising:
    - transforming a source MAC address in the response packet to a MAC address of the distribution component; and
      
      forwarding the transformed packet based in part on a destination MAC address in the transformed packet.
  - 6. The apparatus of claim 1, wherein the distribution component is arranged to perform actions, further comprising:
    - selecting at least one server in a plurality of servers for which to forward the received packet.
  - 7. The apparatus of claim 6, wherein selecting at least one server further comprises basing the selection in part on a load-balancing mechanism.
  - 8. The apparatus of claim 1, wherein the replication component is arranged to perform actions, further comprising forwarding each received packet towards at least one server that is associated with a destination of the received packet.
  - 9. The apparatus of claim 1, wherein the load-balancing mechanism further comprises selecting one of the plurality of probes based in part on a mechanism employed for selecting a server in a plurality of servers to which to forward the packet.
  - 10. The apparatus of claim 1, wherein forwarding the replicate packet further comprises forwarding the replicate packet based in part on at least one of a network characteristic, a payload characteristic, and a selection characteristic of the replicate packet.
  - 11. The apparatus of claim 1, wherein replicating the packet further comprises mirroring the packet at a port.
  - 12. The apparatus of claim 1, wherein selecting the one of the plurality of probes is further based in part on a payload characteristic of the replicate packet.
  - 13. The apparatus of claim 1, wherein selecting the one of the plurality of probes is further based in part on a selection characteristic of the replicate packet.

14. A method for routing a packet over a network, comprising:
- receiving the packet;
  
  replicating the packet;
  
  forwarding the packet to a server in a plurality of servers using a first forwarding mechanism;
  
  selecting which of at least one probe of a plurality of probes to forward the replicate packet using a second forwarding mechanism and based at least on an application associated with the replicate packet, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  forwarding the replicate packet to the selected at least one probe using the second forwarding mechanism;
  
  if a response packet received from at least one probe in the plurality of probes includes a reset command to the server, terminating a connection between the server and a client associated with the packet, andwherein the second forwarding mechanism further comprising the selecting based on a load-balancing mechanism.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the second forwarding mechanism is selected based in part on the first forwarding mechanism.
  - 16. The method of claim 14, wherein the first forwarding mechanism further comprises selecting at least one server based in part on a load-balancing mechanism.
  - 17. The method of claim 14, wherein the second forwarding mechanism further elects the at least one probe based in part on at least one of a network characteristic, a payload characteristic, and a selection characteristic of the replicate packet.

18. An apparatus for routing a packet over a network, comprising:
- a replication component that generates a replicate packet for each received packet; and
  
  a non-transitory traffic engine, coupled to the replication component, that is arranged to perform actions, including;
  
  receiving the packet;
  
  receiving the replicate packet;
  
  forwarding the packet to a server in a plurality of servers using a first forwarding mechanism;
  
  selecting which of at least one probe of a plurality of probes to forward the replicate packet using a second forwarding mechanism and based at least on an application associated with the replicate packet, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  forwarding the replicate packet to the selected at least one probe using the second forwarding mechanism,if a response packet received from at least one probe in the plurality of probes includes a reset command to the server, terminating a connection between the server and a client associated with the packet, andwherein the second forwarding mechanism further comprising the selecting based on a load-balancing mechanism.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18, wherein the second forwarding mechanism is selected based in part on the first forwarding mechanism.
  - 20. The apparatus of claim 18, wherein the replication component is configured to replicate the packet by turning off a learning mode.

21. A method for routing a packet over a network, comprising:
- receiving the packet at a distribution component;
  
  replicating the packet;
  
  forwarding the packet to a server in a plurality of servers using a first forwarding mechanism;
  
  selecting which of at least one probe of a plurality of probes to forward the replicate packet using a second forwarding mechanism and based at least on an application associated with the replicate packet, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  forwarding the replicate packet to the selected at least one probe using the second forwarding mechanism;
  
  if a response packet received from at least one probe in the plurality of probes includes a reset command to the server, terminating a connection between the server and a client associated with the packet;
  
  transforming a source MAC address in the response packet to a MAC address of the distribution component;
  
  forwarding the transformed packet based in part on a destination MAC address in the transformed packet, andwherein the second forwarding mechanism further comprising the selecting based on a load-balancing mechanism.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21, wherein replicating the packet further comprises mirroring the packet at a port.
  - 23. The method of claim 21, wherein the second forwarding mechanism is selected based in part on the first forwarding mechanism.
  - 24. The method of claim 21, wherein replicating the packet further comprises turning off a learning mode.
  - 25. The method of claim 21, wherein the first forwarding mechanism further comprises selecting the at least one server based on a load-balancing mechanism.

26. An apparatus for routing a packet over a network, comprising:
- a means for receiving a packet;
  
  a means for replicating the packet;
  
  a means for forwarding the packet to a server using a first forwarding mechanism;
  
  a means for selecting which of at least one probe of a plurality of probes to forward the replicate packet using a second forwarding mechanism and based at least on an application associated with the replicate packet, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  a means for forwarding the replicate packet to the selected at least one probe using the second forwarding mechanism;
  
  a means for terminating a connection between the server and a client associated with the packet a response packet received from at least one probe in the plurality of probes includes a reset command to the server, andwherein the second forwarding mechanism further comprising the selecting based on a load-balancing mechanism.

27. A system for routing a packet over a network, comprising:
- a replication component that generates a replicate packet for each received packet; and
  
  a non-transitory distribution component that receives the replicate packet from the replication component, wherein the distribution component is arranged to perform actions, including;
  
  if a first mode is selected, forwarding the replicate packet to each of a plurality of probes while forwarding the received packet to at least one server, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  if a second mode is selected;
  
  selecting which one of the plurality of probes to forward the replicate packet based at least on an application associated with the replicate packet; and
  
  forwarding the replicate packet to the selected one of the plurality of probes while forwarding the received packet to at least one server;
  
  if a response packet received from at least one probe in the plurality of probes includes a reset command to the at least one server, terminating a connection between the at least one server and a client associated with the received packet, andwherein the second mode further comprising the selecting based on a load-balancing mechanism.
- View Dependent Claims (28, 29)
- - 28. The system of claim 27, wherein at least one security probe in the two or more security probes is arranged to perform a security analysis that comprises scanning the replicate packet for at least one of a virus, an unauthorized email, an unauthorized network access, an intrusion, or a denial of service attack.
  - 29. The system of claim 27, wherein forwarding the replicate packet to each of the plurality of probes further comprises configuring at least one of the probes to receive the replicate packet in a promiscuous mode.

30. A non-transitory computer-readable storage medium configured to include program instructions which, when executed on a processor, enable actions for routing a packet over a network, comprising:
- receiving the packet;
  
  replicating the packet;
  
  forwarding the packet to a server in a plurality of servers using a first forwarding mechanism;
  
  selecting which of at least one probe of a plurality of probes to forward the replicate packet using a second forwarding mechanism and based at least on an application associated with the replicate packet, wherein the plurality of probes comprises two or more security probes that each perform a different security analysis on the replicate packet;
  
  forwarding the replicate packet to the selected at least one probe using the second forwarding mechanism;
  
  terminating a connection between the server and a client associated with the packet if a response packet received from at least one probe in the plurality of probes includes a reset command to the server, andwherein the second forwarding mechanism further comprising the selecting based on a load-balancing mechanism.
- View Dependent Claims (31)
- - 31. The non-transitory computer-readable storage medium of claim 30, wherein receiving the response packet from the at least one probe in the plurality of probes is in response to the replicate packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Masters, Richard Roderick
Primary Examiner(s)
Shah, Chirag
Assistant Examiner(s)
REDDIVALAM, SRINIVASA R

Application Number

US12/372,927
Time in Patent Office

1,770 Days
Field of Search

None
US Class Current

370/390
CPC Class Codes

H04L 43/12 Network monitoring probes

System and method for managing traffic to a probe

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing traffic to a probe

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links