System, method and apparatus for traffic mirror setup, service and security in communication networks

US 8,819,213 B2
Filed: 08/19/2005
Issued: 08/26/2014
Est. Priority Date: 08/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for dynamically mirroring network traffic in a packet forwarding device, the method comprising:

monitoring an operational characteristic of a network for a criterion; and

in response to detection of the criterion in the monitored operational characteristic of the network, dynamically initiating traffic mirroring of one or more packets in one or more flows of network traffic received by a packet forwarding device en-route to a destination device by,establishing a mirror source for mirroring traffic,identifying available mirror destinations for the mirrored traffic, andselecting at least one of the available mirror destinations to receive the mirrored traffic,wherein dynamic initiation of traffic mirroring occurs automatically in response to detection of the criterion.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides method and systems for dynamically mirroring network traffic. The mirroring of network traffic may comprise data that may be considered of particular interest. The network traffic may be mirrored by a mirror service portal from a mirror sender, referred to as a mirror source, to a mirror receiver, referred to as a mirror destination, locally or remotely over various network segments, such as private and public networks and the Internet. The network traffic may be mirrored to locations not involved in the network communications being mirrored. The present invention provides various techniques for dynamically mirroring data contained in the network traffic from a mirror source to a mirror destination.

68 Citations

View as Search Results

31 Claims

1. A method for dynamically mirroring network traffic in a packet forwarding device, the method comprising:
- monitoring an operational characteristic of a network for a criterion; and
  
  in response to detection of the criterion in the monitored operational characteristic of the network, dynamically initiating traffic mirroring of one or more packets in one or more flows of network traffic received by a packet forwarding device en-route to a destination device by,establishing a mirror source for mirroring traffic,identifying available mirror destinations for the mirrored traffic, andselecting at least one of the available mirror destinations to receive the mirrored traffic,wherein dynamic initiation of traffic mirroring occurs automatically in response to detection of the criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein the criterion comprises a policy based criterion.
  - 3. The method of claim 1, wherein the criterion comprises a trigger.
  - 4. The method of claim 1, wherein the operational characteristic comprises network usage.
  - 5. The method of claim 1, wherein the operational characteristic comprises network traffic.
  - 6. The method of claim 1, wherein the criterion comprises an event in the monitored operational characteristic.
  - 7. The method of claim 1, further comprising providing additional data related to the mirrored traffic to the selected mirror destination.
  - 8. The method of claim 1, further comprising buffering the mirrored traffic.
  - 9. The method of claim 1, wherein dynamically initiating traffic mirroring comprises making policy changes to the network based on requirements for traffic mirroring.
  - 10. The method of claim 1, wherein dynamically initiating traffic mirroring further comprises establishing a mirror service portal.
  - 11. The method of claim 10, wherein the minor service portal is established based on defined/established parameters.
  - 12. The method of claim 11, wherein the defined/established parameters comprise the bandwidth limitations of the mirror service portal.
  - 13. The method of claim 11, wherein the defined/established parameters comprise the desired quality of service for the mirror service portal.
  - 14. The method of claim 11, wherein the defined/established parameters comprise the security requirements of the minor service portal.
  - 15. The method of claim 11, wherein the defined/established parameters comprise the requirements of a destination for the minor service portal.
  - 16. The method of claim 1, further comprising:
    - communicating, by the minor source, the mirrored traffic to the minor destination.
  - 17. The method of claim 16, wherein the mirrored traffic is communicated using a tunneling protocol.
  - 18. The method of claim 1, further comprising:
    - selecting the one or more packets of network traffic for mirroring to the at least one of the available mirror destinations as the mirrored traffic.
  - 19. The method of claim 18, wherein only a portion of data in the selected packets of network traffic is mirrored as mirrored traffic.
  - 20. The method of claim 1, wherein dynamically initiating traffic mirroring of the one or more packets of network traffic received by the packet forwarding device comprises:
    - dynamically initiating traffic mirroring of the one or more packets of network traffic received by the packet forwarding device between the minor source and the at least one of the available mirror destination devices of the network.
  - 21. The method of claim 20, wherein the at least one of the available mirror destinations is distinct from a source device of the network traffic received by the packet forwarding device, a destination device of the network traffic received by the packet forwarding device, and the packet forwarding device.
  - 22. The method of claim 1, wherein the packet forwarding device is one of a switch and a router.
  - 23. The method of claim 1, wherein the minor source is established for mirroring traffic received by the packet forwarding device.

24. A non-transitory computer readable storage medium storing computer executable instructions for performing a method in a packet forwarding device, the method comprising:
- monitoring an operational characteristic of a network for a criterion; and
  
  in response to detection of the criterion in the monitored operational characteristic, dynamically initiating traffic mirroring of one or more packets in one or more flows of network traffic from a packet forwarding device en-route to a destination device by,establishing a mirror source for mirroring traffic,identifying available mirror destinations for the mirrored traffic, andselecting one of the identified mirror destinations to receive mirrored traffic,wherein dynamic initiation of traffic mirroring occurs automatically in response to detection of the criterion.

25. A network for dynamically mirroring network traffic from a packet forwarding device, the network comprising:
- a mirror traffic mechanism configured to monitor an operational characteristic of a network for a first criterion and, in response to detection of the first criterion, to initiate mirroring of one or more packets of network traffic from one or more flows of network traffic received by a packet forwarding device en-route to a destination device;
  
  a mirror source node for providing the mirrored network traffic; and
  
  a mirror destination node for receiving the mirrored network traffic from the minor source node;
  
  wherein a mirror service portal between the minor source node and the minor destination node is dynamically established upon the first criterion being detected byestablishing the mirror source node for mirroring traffic,identifying available mirror destination nodes for the mirrored traffic, andselecting the mirror destination node to receive mirrored traffic based on the available mirror destination nodes identified.
- View Dependent Claims (26, 27)
- - 26. The network of claim 25, wherein the minor service portal is established using a tunneling protocol.
  - 27. The network of claim 26, wherein the tunneling protocol comprises a protocol selected from one of Mac-in-Mac tunneling;
    - IEEE 802.1 backbone provider bridging;
      
      Internet protocol in Internet Protocol Tunneling;
      
      Generic Router Encapsulation Tunneling;
      
      Point to Point Protocol;
      
      Layer 2 tunneling protocol version 2;
      
      Layer 2 tunneling protocol version 3;
      
      IP Security tunnels;
      
      or GPRS tunneling protocol.

28. A packet forwarding network device for dynamically mirroring network traffic, the device comprising:
- a traffic monitor mechanism for monitoring network traffic of a network for a criterion; and
  
  a mirror source device for receiving one or more packets of network traffic from one or more flows of network traffic en-route to a destination device in response to the criterion having been met, for identifying available minor destinations for receiving one or more mirrored packets of network traffic from the packet forwarding device, for selecting at least one of the identified mirror destinations as a location to receive the one or more mirrored packets of network traffic, and for directing the one or more mirrored packets of network traffic to the identified minor destination.
- View Dependent Claims (29, 30, 31)
- - 29. The network device of claim 28, further comprising a network interface for communicating the one or more network traffic packets to a mirror destination.
  - 30. The network device of claim 28, further comprising a media tapping function.
  - 31. The network device of claim 28, wherein the monitored operational characteristic comprises mirrored network traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
Graham, Richard W., Frattura, David E., Roese, John
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US11/208,372
Publication Number

US 20060059163A1
Time in Patent Office

3,294 Days
Field of Search

709223-228, 707/10, 707633-635, 370/229, 370/232, 370/235, 726/2, 726/3
US Class Current

709/224
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 43/00   Arrangements for monitoring...

H04L 43/0882   Utilisation of link capacity

H04L 43/16   Threshold monitoring

H04L 63/00   Network architectures or ne...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/166   at the transport layer

H04L 63/30   for supporting lawful inter...

H04L 67/1095   Replication or mirroring of...

System, method and apparatus for traffic mirror setup, service and security in communication networks

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for traffic mirror setup, service and security in communication networks

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links