Automatically determining sensor location in a virtualized computing environment

US 9,733,973 B2
Filed: 09/16/2015
Issued: 08/15/2017
Est. Priority Date: 09/16/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

in a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, receiving captured network data from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors including a sensor identity of the given sensor and flow identifiers indicating one or more traffic flows detected by the given sensor;

analyzing the received captured network data to identify a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, but only a subset of traffic flows observed by the second group of sensors are also observed by the first group of sensors, and wherein all traffic flows observed by the second group of sensors are also observed by the third group of sensors, but only a subset of the traffic flows observed by the third group of sensors are also observed by the second group of sensors; and

determining, for each respective sensor, a location of the respective sensor relative to one or more other sensors within the virtualized computing system based upon which group of sensors, among the first group of sensors, the second group of sensors, or the third group of sensors, the respective sensor belongs,wherein if the respective sensor belongs to the first group of sensors, determining that the respective sensor is within a virtual machine,wherein if the respective sensor belongs to the second group of sensors, determining that the respective sensor is within a hypervisor, andwherein if the respective sensor belongs to the third group of sensors, determining that the respective sensor is within a network device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtualized computing system including software sensors captures network data from one or more traffic flows the sensors. The captured network data from a given sensor indicates one or more traffic flows detected by the given sensor. The received captured network data is analyzed to identify, for each respective sensor, a first group of sensors, a second group of sensors, and a third group of sensors. All traffic flows observed by the first group of sensors are also observed by the second group of sensors. All traffic flows observed by the second group of sensors are also observed by the third group of sensors. A location of each respective sensor relative to other sensors within the virtualized computing system is determined based upon whether the respective sensor belongs to the first group of sensors, the second group of sensors, or the third group of sensors.

126 Citations

17 Claims

1. A computer-implemented method comprising:
- in a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, receiving captured network data from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors including a sensor identity of the given sensor and flow identifiers indicating one or more traffic flows detected by the given sensor;
  
  analyzing the received captured network data to identify a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, but only a subset of traffic flows observed by the second group of sensors are also observed by the first group of sensors, and wherein all traffic flows observed by the second group of sensors are also observed by the third group of sensors, but only a subset of the traffic flows observed by the third group of sensors are also observed by the second group of sensors; and
  
  determining, for each respective sensor, a location of the respective sensor relative to one or more other sensors within the virtualized computing system based upon which group of sensors, among the first group of sensors, the second group of sensors, or the third group of sensors, the respective sensor belongs,wherein if the respective sensor belongs to the first group of sensors, determining that the respective sensor is within a virtual machine,wherein if the respective sensor belongs to the second group of sensors, determining that the respective sensor is within a hypervisor, andwherein if the respective sensor belongs to the third group of sensors, determining that the respective sensor is within a network device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the received captured network data for the given sensor includes an Internet Protocol address or a Media Access Control address for the given sensor within the virtualized computing system.
  - 3. The method of claim 1, further comprising:
    - migrating a virtual machine from a first host to a second host in the virtualized computing system, wherein the virtual machine includes one of the plurality of sensors; and
      
      determining a location of the virtual machine that has migrated from the first host to the second host in the virtualized computing system, based upon the captured network data from the plurality of sensors.
  - 4. The method of claim 1, further comprising:
    - determining, for a plurality of virtual machines and a plurality of hypervisors, which sets of virtual machines are managed by which hypervisors, based upon the captured network data.
  - 5. The method of claim 1, further comprising:
    - for each respective traffic flow of the one or more traffic flows, identifying a set of software sensors that detects the respective traffic flow;
      
      calculating, for each software sensor of the set of software sensors, a tuple having a first element and a second element, wherein the first element corresponds to an individual sensor of the set of software sensors and the second element corresponds to the remaining sensors in the set of software sensors; and
      
      grouping, for each respective sensor, all tuples having the same first element.
  - 6. The method of claim 5, comprising:
    - for each respective group of tuples, computing an intersection of the second elements of the tuples in the respective group of tuples to determine a first subset of sensors; and
      
      computing a difference between a union of the second elements of the tuples in the respective group of tuples and the intersection of the second elements of the tuples in the respective group of tuples to determine a second subset of sensors.

7. An apparatus comprising:
- a network interface unit configured to enable network communications;
  
  a memory; and
  
  a processor coupled to the network interface unit and configured to;
  
  receive, in a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors including a sensor identity of the given sensor and flow identifiers indicating one or more traffic flows detected by the given sensor;
  
  analyze the received captured network data to identify a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, but only a subset of traffic flows observed by the second group of sensors are observed by the first group of sensors, and wherein all traffic flows observed by the second group of sensors are also observed by the third group of sensors, but only a subset of traffic flows observed by the third group of sensors are also observed by the second group of sensors; and
  
  determine, for each respective sensor, a location of the respective sensor relative to one or more other sensors within the virtualized computing system based upon which group of sensors, among the first group of sensors, the second group of sensors, or the third group of sensors, the respective sensor belongs,wherein if the respective sensor belongs to the first group of sensors, the processor is configured to determine that the respective sensor is within a virtual machine,wherein if the respective sensor belongs to the second group of sensors, the processor is configured to determine that the respective sensor is within a hypervisor, andwherein if the respective sensor belongs to the third group of sensors, the processor is configured to determine that the respective sensor is within a network device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein the received captured network data for the given sensor includes an Internet Protocol address or a Media Access Control address for the given sensor within the virtualized computing system.
  - 9. The apparatus of claim 7, wherein the processor is configured to:
    - migrate a virtual machine from a first host to a second host in the virtualized computing system, wherein the virtual machine includes one of the plurality of sensors; and
      
      determine the location of the migrated virtual machine that has migrated from the first host to the second host in the virtualized computing system, based upon the captured network data from the plurality of sensors.
  - 10. The apparatus of claim 7, wherein the processor is configured to:
    - determine, for a plurality of virtual machines and a plurality of hypervisors, which sets of virtual machines are managed by which hypervisors, based upon the captured network data.
  - 11. The apparatus of claim 7, wherein the processor is configured to:
    - identify, for each respective traffic flow of the one or more traffic flows, a set of software sensors that detects the respective traffic flow;
      
      calculate, for each software sensor of the set of software sensors, a tuple having a first element and a second element, wherein the first element corresponds to an individual sensor of the set of software sensors and the second element corresponds to the remaining sensors in the set of software sensors; and
      
      group, for each respective sensor, all tuples having the same first element.
  - 12. The apparatus of claim 11, wherein the processor is configured to:
    - for each respective group of tuples, compute an intersection of the second elements of the tuples in the respective group of tuples to determine a first subset of sensors; and
      
      compute a difference between a union of the second elements of the tuples in the respective group of tuples and the intersection of the second elements of the tuples in the respective group of tuples to determine a second subset of sensors.

13. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a computing device, cause the processor to:
- receive, in a virtualized computing system in which a plurality of software sensors are deployed and in which there are one or more traffic flows, captured network data from the plurality of sensors, the captured network data from a given sensor of the plurality of sensors including a sensor identity of the given sensor and flow identifiers indicating one or more traffic flows detected by the given sensor;
  
  analyze the received captured network data to identify a first group of sensors, a second group of sensors, and a third group of sensors, wherein all traffic flows observed by the first group of sensors are also observed by the second group of sensors, but only a subset of traffic flows observed by the second group of sensors are observed by the first group of sensors, and wherein all traffic flows observed by the second group of sensors are also observed by the third group of sensors, but only a subset of traffic flows observed by the third group of sensors are also observed by the second group of sensors; and
  
  determine, for each respective sensor, a location of the respective sensor relative to one or more other sensors within the virtualized computing system based upon which group of sensors, among the first group of sensors, the second group of sensors, or the third group of sensors, the respective sensor belongs,wherein if the respective sensor belongs to the first group of sensors, the instructions cause the processor to determine that the respective sensor is within a virtual machine,wherein if the respective sensor belongs to the second group of sensors, the instructions cause the processor to determine that the respective sensor is within a hypervisor, andwherein if the respective sensor belongs to the third group of sensors, the instructions cause the processor to determine that the respective sensor is within a network device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable storage media of claim 13, wherein the processor is configured to:
    - migrate a virtual machine from a first host to a second host in the virtualized computing system, wherein the virtual machine includes one of the plurality of sensors; and
      
      determine the location of the migrated virtual machine that has migrated from the first host to the second host in the virtualized computing system, based upon the captured network data from the plurality of sensors.
  - 15. The non-transitory computer readable storage media of claim 13, wherein the processor is configured to:
    - determine, for a plurality of virtual machines and a plurality of hypervisors, which sets of virtual machines are managed by which hypervisors, based upon the captured network data.
  - 16. The non-transitory computer readable storage media of claim 13, wherein the processor is configured to:
    - identify, for each respective traffic flow of the one or more traffic flows, a set of software sensors that detects the respective traffic flow;
      
      calculate, for each software sensor of the set of software sensors, a tuple having a first element and a second element, wherein the first element corresponds to an individual sensor of the set of software sensors and the second element corresponds to the remaining sensors in the set of software sensors; and
      
      group, for each respective sensor, all tuples having the same first element.
  - 17. The non-transitory computer readable storage media of claim 16, wherein the processor is configured to:
    - compute, for each respective group of tuples, an intersection of the second elements of the tuples in the respective group of tuples to determine a first subset of sensors; and
      
      compute a difference between a union of the second elements of the tuples in the respective group of tuples and the intersection of the second elements of the tuples in the respective group of tuples to determine a second subset of sensors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Prasad, Rohit C., Deen, Khawar, Gupta, Anubhav, Chang, Shih-Chun, Gandham, Shashidhar R., Kulshreshtha, Ashutosh, Yadav, Navindra
Primary Examiner(s)
GHAFFARI, ABU Z

Application Number

US14/855,811
Publication Number

US 20170075710A1
Time in Patent Office

699 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 41/0893   Assignment of logical group...

H04L 41/12   Discovery or management of ...

H04L 43/026   using flow identification

H04L 43/12   Network monitoring probes

Y02D 30/50   in wire-line communication ...

Automatically determining sensor location in a virtualized computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

126 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically determining sensor location in a virtualized computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links