Rule-based network traffic interception and distribution scheme
First Claim
1. A network device comprising:
a plurality of egress ports;
one or more processors; and
a memory coupled with and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause at least one processor from the one or more processors to perform operations including:
generating an identifier for a first data packet using a hash function and one or more attributes of the data packet;
determining a first class for the first data packet based on a specified first set of attributes of the first data packet;
determining a second class for a second data packet based on a specified second set of attributes of the second data packet;
determining a first set of ports from the plurality of egress ports, wherein the first set of ports is determined using the identifier and a first table from a plurality of tables, wherein the first table is associated with a first VLAN from a plurality of VLANS, wherein the first VLAN is associated with the first class but not the second class;
determining a second set of ports from the plurality of egress ports, wherein the second set of ports is determined using a second table from the plurality of tables, wherein the second table is associated with a second VLAN from the plurality of VLANS, wherein the second VLAN is associated with the second class but not the first class;
sending a copy of the first data packet through each egress port from the first set of ports; and
sending a copy of the second data packet through each egress port from the second set of ports.
Abstract
Using a hash function, an L2/L3 switch can produce an FID for a data packet. The L2/L3 switch can select, from among potentially several stored VLAN flooding tables, a particular VLAN flooding table that is associated with a particular VLAN on which the data packet is to be carried. The rows of the particular VLAN flooding table can specify different combinations of the particular VLAN's egress ports. The L2/L3 switch can locate, in the particular VLAN flooding table, a particular row that specifies the FID. The L2/L3 switch can read, from the particular row, a specified subset of the egress ports that are associated with the particular VLAN. The L2/L3 switch can transmit copies of the data packet out each of the egress ports specified in the subset, toward analytic servers connected to those egress ports.
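The lookup the abstract describes, sketched end to end as an added example (not code from the patent or from any product). The port and trunk names, the classification rules and the use of CRC32 as the hash function are assumptions; the rows are built with one egress port per egress trunk, as claim 5 recites.

```python
import itertools
import zlib

# Constructed topology: per VLAN, the egress trunks (port groups) that lead to
# pools of analytic servers. VLAN IDs, trunk names and ports are hypothetical.
VLAN_TRUNKS = {
    10: {"ids": ["e1", "e2"], "recorder": ["e3", "e4", "e5"]},  # web traffic
    20: {"dns_monitor": ["e6", "e7"]},                          # DNS traffic
}

def build_flooding_table(trunks):
    """One row per combination of exactly one port per trunk; row index = FID."""
    return [frozenset(combo) for combo in itertools.product(*trunks.values())]

FLOODING_TABLES = {v: build_flooding_table(t) for v, t in VLAN_TRUNKS.items()}

def classify(pkt):
    """Apply rules to the first attribute set and return the mapped VLAN."""
    if pkt["proto"] == "udp" and pkt["dport"] == 53:
        return 20
    if pkt["proto"] == "tcp" and pkt["dport"] in (80, 443):
        return 10
    return None  # no rule matched: the packet is not intercepted

def flow_id(pkt, rows):
    """Hash the second attribute set (here the 5-tuple) into a row index."""
    key = "|".join(str(pkt[k]) for k in ("src", "dst", "proto", "sport", "dport"))
    return zlib.crc32(key.encode()) % rows  # CRC32 is an assumed hash choice

def egress_ports(pkt):
    """Return (vlan, ports) that should each receive a copy of the packet."""
    vlan = classify(pkt)
    if vlan is None:
        return None, frozenset()
    table = FLOODING_TABLES[vlan]
    return vlan, table[flow_id(pkt, len(table))]

if __name__ == "__main__":
    base = {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}
    for sport in (40000, 40001, 40002):  # constructed sample flows
        vlan, ports = egress_ports(dict(base, sport=sport))
        print(sport, "-> VLAN", vlan, sorted(ports))
```

Because the row is chosen from a hash of flow attributes, every packet of a given flow is copied to the same port in each trunk, so each analytic server sees the flows assigned to it in full while load spreads across the trunk's ports.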
12 Claims
2. A network device, comprising:
a plurality of egress ports;
one or more processors; and
a memory coupled with and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause at least one processor from the one or more processors to perform operations including:
generating a first identifier by inputting attributes of a first data packet into a hash function;
reading a first set of egress ports from a first table row from a table, wherein the first table row is associated with the first identifier;
sending a copy of the first data packet to each egress port from the first set of egress ports;
generating a second identifier for a second data packet by inputting attributes of the second data packet into the hash function;
reading a second set of egress ports from a second table row from the table, wherein the second table row is associated with the second identifier but not the first; and
sending a copy of the second data packet through each egress port in the second set of egress ports;
wherein the second set of egress ports differs from the first set of egress ports; and
wherein the second set of egress ports and the first set of egress ports both belong to a same VLAN.
3. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause the one or more processors to perform operations including:
generating an identifier for a first data packet received by a network device, the network device including a plurality of egress ports, wherein the identifier is generated using a hash function and one or more attributes of the first data packet;
determining a first class for the first data packet, wherein the first class is determined based on a specified first set of attributes of the first data packet;
determining a second class for a second data packet received by the network device, wherein the second class is determined based on a specified second set of attributes of the second data packet;
determining a first set of ports from the plurality of egress ports, wherein the first set of ports is determined using the identifier and a first table from a plurality of tables, wherein the first table is associated with a first VLAN from a plurality of VLANs, wherein the first VLAN is associated with the first class but not the second class;
sending a copy of the first packet through each egress port from the first set of ports;
determining a second set of ports from the plurality of egress ports using a second table from the plurality of tables, wherein the second table is associated with a second VLAN from the plurality of VLANs, wherein the second VLAN is associated with the second class but not the first class; and
sending a copy of the second packet through each egress port from the second set of ports.
4. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause the one or more processors to perform operations including:
generating a first identifier by inputting attributes of a first data packet received by a network device into the hash function, the network device including a plurality of egress ports;
reading a first set of egress ports from a first table row from a table, wherein the first table row is associated with the first identifier;
sending a copy of the first data packet through each egress port in the first set of egress ports;
generating a second identifier for a second data packet received by the network device by inputting attributes of the second data packet into the hash function;
reading a second set of egress ports from a second table row from the table, wherein the second table row is associated with the second identifier but not the first identifier; and
sending a copy of the second data packet through each egress port in the second set of egress ports;
wherein the second set of egress ports differs from the first set of egress ports;
wherein the second set of egress ports and the first set of egress ports both belong to a same VLAN.
5. A method comprising:
receiving a data packet on an ingress port of a network device, wherein the ingress port is associated with an ingress trunk, the network device including a plurality of egress ports;
determining a category for the data packet by applying, to a first set of attributes of the data packet, a set of rules associated with the ingress trunk;
selecting, from a plurality of VLANs, a particular VLAN that is mapped to the category;
selecting, from a plurality of VLAN flooding tables, a particular VLAN flooding table that is mapped to the particular VLAN;
determining an identifier by inputting a second set of attributes of the data packet into a hash function;
locating, in the particular VLAN flooding table, a particular row associated with the identifier, wherein the particular row identifies a set of egress ports from the plurality of egress ports;
generating a duplicate of the data packet; and
forwarding the duplicate of the data packet through each of the egress ports in the set of egress ports identified by the particular row, wherein the forwarding includes using VLAN flooding;
wherein the set of egress ports identified by the particular row includes a first combination of egress ports, the first combination including one egress port per egress trunk of the particular VLAN;
wherein a second row of the particular VLAN flooding table specifies a second combination of egress ports, the second combination including one egress port per egress trunk of the particular VLAN; and
wherein, for each particular egress trunk from the plurality of trunks of the particular VLAN, the first combination specifies a first egress port of the particular egress trunk and the second combination specifies a second egress port of the particular egress trunk that is different from the first egress port of the particular egress trunk.
6. A network device, comprising:
a plurality of ports; and
one or more processors;
wherein the network device is configured to include a plurality of virtual local area networks (VLANs), wherein each VLAN from the plurality of VLANs is associated with one or more ports from the plurality of ports; and
wherein the one or more processors are configured to:
determine a class for a packet, wherein the class is determined using one or more first attributes of the packet;
select a VLAN from the plurality of VLANs, wherein the selected VLAN is associated with the class;
determine, using a hash function and one or more second attributes of the packet, an identifier for the packet;
select, using the identifier, a set of ports from the one or more ports associated with the selected VLAN, wherein a number of the ports in the set of ports is less than a number of the one or more ports associated with the selected VLAN; and
send a copy of the packet through each port from the set of ports.
Dependent claims: 7, 8, 9, 10, 11, 12
Specification